USBDriver.exe infects all removable USB drives



#1
veg


Hi, I have a malware/virus on my removable USB drives. It's a file named USBDriver.exe. After I delete it manually, it copies to the root path of each USB drive on the machine, only when the USB drive is inserted while Windows is running. I'm using Windows 7; the file's size is 49152 bytes. Can you please help me remove it?

I've done a scan of the file on virustotal.com:

https://www.virustot...sis/1417643471/

 

I've had this same problem back on my older machine, which runs Win XP. I was careful not to insert my USB anywhere else, including this brand new install of Win 7. I went through Ubuntu and removed the USBDriver.exe files from the USB drives before plugging the USB drives into the new Win 7 machine. I don't know how it came back. It's very frustrating.

One difference I've noticed between Win XP behaviour and Win 7 is that in Win XP another file called autorun.inf was created alongside USBDriver.exe. In Win 7 I've disabled the Autorun feature (using the Control Panel option to turn it off), so that might be related.

Another thing to note is that removable devices that Windows recognizes as Hard Disk Drives (in the Computer view) do not have USBDriver.exe copied to their root path.

I'm assuming some program is copying it back there every time, which has access to my whole system, and should also be removed.

Thanks,

Veg

OTL logfile created on: 12/4/2014 01:18:34 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.94 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 50.36% Memory free
7.88 Gb Paging File | 5.64 Gb Available in Paging File | 71.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 54.90 Gb Total Space | 25.92 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
Drive E: | 465.73 Gb Total Space | 217.72 Gb Free Space | 46.75% Space Free | Partition Type: NTFS
Drive G: | 29.80 Gb Total Space | 29.80 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive H: | 58.43 Gb Total Space | 56.47 Gb Free Space | 96.64% Space Free | Partition Type: FAT32
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/04 00:39:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
PRC - [2014/10/07 15:35:06 | 000,843,480 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe
PRC - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013/07/21 22:34:12 | 000,055,808 | ---- | M] (Brian Apps Products) -- C:\Program Files\sizer_dev482\sizer.exe
PRC - [2012/05/10 08:19:42 | 000,049,152 | -H-- | M] () -- C:\Users\user\AppData\Local\wscntfy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/02 06:00:52 | 001,446,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\d93099e1faaa28fc715b4fc64e010238\HD-Agent.ni.exe
MOD - [2014/12/02 06:00:46 | 000,155,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\ed9302abc94cce786710d77fd1410886\JSON.ni.dll
MOD - [2014/11/26 21:14:00 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014/11/26 21:07:07 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a229c5bed4a12b5db6ca55d223ada6df\System.ServiceProcess.ni.dll
MOD - [2014/11/26 21:07:02 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014/11/26 21:06:45 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/11/26 21:06:41 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/11/26 21:06:39 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/11/26 21:06:37 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/11/26 21:06:28 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/11/26 21:06:25 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2012/05/10 08:19:42 | 000,049,152 | -H-- | M] () -- C:\Users\user\AppData\Local\wscntfy.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/26 20:38:44 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/16 00:03:18 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/10/10 22:03:32 | 001,851,008 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/10/07 15:36:00 | 000,782,040 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc)
SRV - [2014/10/07 15:33:56 | 000,388,824 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2014/10/07 15:33:20 | 000,409,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/25 19:02:19 | 000,940,760 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/09/16 00:26:58 | 016,750,080 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/09/15 23:59:06 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/06/21 19:01:22 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/06/12 09:48:46 | 000,087,472 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2013/06/12 09:48:46 | 000,032,688 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2013/06/12 09:48:46 | 000,032,688 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/10/07 15:33:44 | 000,122,072 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/he-il/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 63 5C B5 A0 09 D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Wikipedia (English)"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (English)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:8.0.5
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.3
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7BFFA36170-80B1-4535-B0E3-A4569E497DD0%7D:3.2pre.20110705
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:2.0.5
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe80%7D:0.9
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2014.07.06.05
FF - prefs.js..extensions.enabledAddons: inspector%40mozilla.org:2.0.14
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {dc0fa13e-3db0-73ec-e852-912722c85409}:0.3.5.1
FF - prefs.js..extensions.enabledItems: {9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}:2.1
FF - prefs.js..extensions.enabledItems: {767467bc-3723-4bcb-acf1-d4d311b04ffd}:0.7.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.3
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.14
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.78.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.7
FF - prefs.js..network.proxy.socks_version: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 33.0.2\extensions\\Components: C:\PROGRAM FILES\WATERFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 33.0.2\extensions\\Plugins: C:\PROGRAM FILES\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/11/26 19:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2014/12/03 16:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2014/11/26 20:12:47 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,661,655 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,398,450 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:45 | 000,114,352 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:46 | 002,551,527 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,029,990 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:46 | 000,005,231 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,179,297 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:12:46 | 000,023,913 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\[email protected]
[2014/11/26 20:13:11 | 000,108,965 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi
[2014/11/26 20:13:11 | 000,075,799 | -H-- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2014/11/26 20:13:11 | 000,293,729 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2014/11/26 20:13:11 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2014/11/26 20:13:11 | 000,081,094 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{75e19832-90c0-4553-91a0-e5d0ac5d99fd}.xpi
[2014/11/26 20:13:11 | 000,021,964 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi
[2014/11/26 20:13:11 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi
[2014/11/26 20:13:11 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2014/11/26 20:12:46 | 000,979,610 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/11/26 20:13:11 | 000,304,000 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/11/26 20:13:11 | 000,025,134 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2014/11/26 20:13:11 | 000,042,134 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2014/11/26 20:12:48 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png
[2011/01/27 16:57:24 | 000,001,635 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\firefox-add-ons.xml
[2011/02/26 16:15:10 | 000,001,421 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\ninjawords.xml
[2011/10/05 22:30:20 | 000,002,039 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\stack-overflow.xml
[2008/12/17 21:10:16 | 000,004,096 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\Thumbs.db
[2010/05/19 01:49:40 | 000,001,011 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\torrentz-search.xml
[2010/05/18 23:52:58 | 000,001,312 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\wikipedia.xml
[2010/05/19 01:50:01 | 000,002,057 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\youtube-video-search.xml
[2014/11/26 19:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/26 19:46:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpimoebmfjpfnbhjgdgiacjfebmmmci\2.6_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.7_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/12/04 00:10:41 | 000,000,844 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 q.zonja.ru
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [Windows-Audio Driver] C:\Users\user\AppData\Local\wscntfy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26DD86C0-7E3E-493A-886E-B04F9DCFFB33}: NameServer = 62.219.186.7 192.117.235.237
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B488603A-8096-4686-A09C-1A000F7A8A83}: DhcpNameServer = 10.0.0.138
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/05/29 04:13:03 | 000,000,000 | ---D | M] - E:\autorun -- [ NTFS ]
O32 - AutoRun File - [2012/11/02 22:39:44 | 000,000,059 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/12/04 00:51:28 | 000,000,128 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/03 23:43:25 | 000,000,000 | ---D | C] -- C:\mIRC
[2014/12/02 23:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2014/12/02 10:53:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Skype
[2014/12/02 10:53:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2014/12/02 10:53:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/12/02 10:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/12/02 10:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/12/02 10:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/12/02 06:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2014/12/02 06:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2014/12/02 06:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2014/12/02 06:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2014/12/02 06:00:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Bluestacks
[2014/12/01 04:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2014/12/01 04:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2014/12/01 02:10:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Sizer
[2014/12/01 02:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\sizer_dev482
[2014/12/01 01:00:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Atropa
[2014/12/01 01:00:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Atropa
[2014/12/01 00:55:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mylau
[2014/12/01 00:55:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mylau
[2014/12/01 00:44:49 | 000,000,000 | ---D | C] -- C:\xulrunner
[2014/12/01 00:22:21 | 000,000,000 | ---D | C] -- C:\Users\user\.idlerc
[2014/12/01 00:21:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4
[2014/12/01 00:21:14 | 000,000,000 | ---D | C] -- C:\Python34
[2014/12/01 00:03:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\nw-test
[2014/12/01 00:00:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\node-webkit
[2014/11/30 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/30 22:59:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Locktime
[2014/11/30 22:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 3
[2014/11/30 22:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\NetLimiter 3
[2014/11/30 22:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Locktime
[2014/11/30 22:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/11/30 22:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/11/30 22:57:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google
[2014/11/30 22:49:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics
[2014/11/30 22:42:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/11/30 22:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\Chrome
[2014/11/28 02:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2014/11/28 02:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\he-IL
[2014/11/28 02:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\he
[2014/11/28 02:18:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2014/11/28 02:18:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\he
[2014/11/28 02:18:36 | 000,000,000 | ---D | C] -- C:\Windows\he-IL
[2014/11/28 02:17:29 | 000,003,072 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\he-IL\pscr.sys.mui
[2014/11/28 02:17:27 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerId.sys.mui
[2014/11/28 02:17:27 | 000,008,704 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrSerIb.sys.mui
[2014/11/28 02:17:27 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\he-IL\BrParwdm.sys.mui
[2014/11/27 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ColorCop
[2014/11/27 15:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
[2014/11/27 15:40:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Chromium
[2014/11/27 15:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SRWare Iron
[2014/11/27 15:39:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2014/11/27 03:47:24 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/11/27 03:47:17 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/11/27 03:46:59 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/11/27 03:43:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieUserList
[2014/11/27 03:43:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieSiteList
[2014/11/27 03:43:36 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieBrowserModeList
[2014/11/27 03:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/11/27 03:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/11/27 01:35:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/11/27 01:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2014/11/27 01:35:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Notepad++
[2014/11/27 01:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2014/11/27 01:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASIS
[2014/11/27 01:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASIS
[2014/11/27 00:50:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Macromedia
[2014/11/27 00:50:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2014/11/27 00:46:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2014/11/27 00:46:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014/11/27 00:46:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2014/11/26 21:02:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Adobe
[2014/11/26 20:27:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2014/11/26 20:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/11/26 20:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/11/26 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/11/26 19:51:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Files Finder
[2014/11/26 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Files Finder
[2014/11/26 19:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Files Finder
[2014/11/26 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla
[2014/11/26 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mozilla
[2014/11/26 19:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/26 19:44:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics
[2014/11/26 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ATI
[2014/11/26 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ATI
[2014/11/26 19:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014/11/26 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014/11/26 19:40:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014/11/26 19:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014/11/26 19:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014/11/26 19:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014/11/26 19:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014/11/26 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2014/11/26 19:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/26 19:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014/11/26 19:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2014/11/26 19:37:23 | 000,000,000 | ---D | C] -- C:\AMD
[2014/11/26 19:37:00 | 000,000,000 | ---D | C] -- C:\Intel
[2014/11/26 19:35:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2014/11/26 19:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2014/11/26 19:35:17 | 002,162,992 | ---- | C] (Yamaha Corporation) -- C:\Windows\SysNative\YamahaAE.dll
[2014/11/26 19:35:17 | 002,101,848 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/11/26 19:35:17 | 001,411,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2014/11/26 19:35:17 | 001,048,824 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/11/26 19:35:17 | 000,724,728 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/11/26 19:35:17 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/11/26 19:35:17 | 000,451,096 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2014/11/26 19:35:17 | 000,366,104 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2014/11/26 19:35:17 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2014/11/26 19:35:17 | 000,326,680 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2014/11/26 19:35:17 | 000,246,008 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/11/26 19:35:17 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/11/26 19:35:17 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/11/26 19:35:17 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/11/26 19:35:16 | 000,889,592 | ---- | C] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/11/26 19:35:16 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/11/26 19:35:16 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/11/26 19:35:16 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/11/26 19:35:16 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/11/26 19:35:15 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/11/26 19:35:15 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/11/26 19:35:15 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/11/26 19:35:15 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/11/26 19:35:15 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/11/26 19:35:15 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/11/26 19:35:12 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/11/26 19:35:12 | 005,751,560 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2014/11/26 19:35:12 | 000,942,384 | ---- | C] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll
[2014/11/26 19:35:12 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/11/26 19:35:12 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/11/26 19:35:12 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/11/26 19:35:12 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/11/26 19:35:11 | 012,967,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2014/11/26 19:35:11 | 001,313,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/11/26 19:35:11 | 000,979,280 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/11/26 19:35:11 | 000,662,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/11/26 19:35:10 | 014,048,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/11/26 19:35:10 | 002,041,432 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/11/26 19:35:10 | 001,499,984 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/11/26 19:35:10 | 001,353,472 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2014/11/26 19:35:10 | 001,136,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/11/26 19:35:10 | 000,922,880 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/11/26 19:35:10 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/11/26 19:35:10 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/11/26 19:35:09 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/11/26 19:35:09 | 000,300,704 | ---- | C] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2014/11/26 19:35:08 | 002,770,976 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/11/26 19:35:08 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/11/26 19:35:08 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/11/26 19:35:08 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/11/26 19:35:08 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/11/26 19:35:08 | 000,501,184 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/11/26 19:35:08 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/11/26 19:35:08 | 000,487,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/11/26 19:35:08 | 000,415,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/11/26 19:35:07 | 006,218,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/11/26 19:35:07 | 001,939,800 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/11/26 19:35:07 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/11/26 19:35:07 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/11/26 19:35:07 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/11/26 19:35:07 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/11/26 19:35:07 | 000,315,736 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/11/26 19:35:07 | 000,261,464 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/11/26 19:35:07 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/11/26 19:35:07 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/11/26 19:35:07 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/11/26 19:35:07 | 000,113,576 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/11/26 19:34:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2014/11/26 19:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2014/11/26 19:32:10 | 000,940,760 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2014/11/26 19:32:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/11/26 19:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2014/11/26 19:30:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apps
[2014/11/26 17:51:50 | 000,000,000 | ---D | C] -- C:\inetpub
[2014/11/26 17:51:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2014/11/26 17:50:43 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/11/26 17:49:32 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/26 17:49:32 | 000,000,000 | R--D | C] -- C:\Users\user\Searches
[2014/11/26 17:49:32 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/11/26 17:49:32 | 000,000,000 | -H-D | C] -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/11/26 17:49:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Identities
[2014/11/26 17:49:26 | 000,000,000 | R--D | C] -- C:\Users\user\Contacts
[2014/11/26 17:49:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VirtualStore
[2014/11/26 17:49:24 | 000,000,000 | --SD | C] -- C:\Users\user\AppData\Roaming\Microsoft
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Videos
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Saved Games
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Pictures
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Music
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Links
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Favorites
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Downloads
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Documents
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop
[2014/11/26 17:49:24 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Temporary Internet Files
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Templates
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Start Menu
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\PrintHood
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\NetHood
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Videos
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Pictures
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Music
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\My Documents
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Local Settings
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\History
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Cookies
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\Application Data
[2014/11/26 17:49:24 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Application Data
[2014/11/26 17:49:24 | 000,000,000 | -H-D | C] -- C:\Users\user\AppData
[2014/11/26 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Temp
[2014/11/26 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft
[2014/11/26 17:49:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2014/11/26 17:49:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/11/26 17:49:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/04 01:04:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/04 00:33:27 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 00:33:27 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/04 00:32:50 | 000,505,536 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\user\Desktop\autorunsc.exe
[2014/12/04 00:32:49 | 000,593,080 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\user\Desktop\autoruns.exe
[2014/12/04 00:32:40 | 002,480,312 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\user\Desktop\procexp.exe
[2014/12/03 23:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/03 10:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/02 23:16:01 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/12/01 05:08:25 | 000,000,517 | ---- | M] () -- C:\Users\user\Documents\a.ahk
[2014/11/30 23:04:53 | 001,247,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/30 23:04:53 | 000,662,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/30 23:04:53 | 000,392,068 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2014/11/30 23:04:53 | 000,121,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/30 23:04:53 | 000,084,542 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2014/11/30 22:59:48 | 000,002,279 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/30 22:58:58 | 3173,376,000 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/30 22:57:49 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/28 02:18:34 | 000,229,316 | ---- | M] () -- C:\Windows\SysNative\perfi00D.dat
[2014/11/28 02:18:34 | 000,032,166 | ---- | M] () -- C:\Windows\SysNative\perfd00D.dat
[2014/11/27 03:48:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/11/27 03:48:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/11/27 03:47:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/11/26 21:36:59 | 000,000,000 | -H-- | M] () -- C:\Users\user\Documents\Default.rdp
[2014/11/26 20:59:31 | 000,265,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/26 20:49:29 | 000,773,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/11/26 20:38:45 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/11/26 20:38:44 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/11/26 20:11:13 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/26 19:45:02 | 000,001,437 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/26 19:41:04 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014/11/26 19:35:31 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/11/26 19:32:01 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2014/11/25 19:02:44 | 002,162,992 | ---- | M] (Yamaha Corporation) -- C:\Windows\SysNative\YamahaAE.dll
[2014/11/25 19:02:43 | 002,121,008 | ---- | M] () -- C:\Windows\SysNative\SStudio.dll
[2014/11/25 19:02:43 | 002,101,848 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2014/11/25 19:02:43 | 001,411,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRRPTR64.dll
[2014/11/25 19:02:43 | 000,518,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2014/11/25 19:02:43 | 000,451,096 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRAPO64.dll
[2014/11/25 19:02:43 | 000,366,104 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM64.dll
[2014/11/25 19:02:43 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysWow64\SRCOM.dll
[2014/11/25 19:02:43 | 000,326,680 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SRCOM.dll
[2014/11/25 19:02:43 | 000,211,184 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2014/11/25 19:02:43 | 000,198,896 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2014/11/25 19:02:43 | 000,155,888 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2014/11/25 19:02:42 | 005,804,772 | ---- | M] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/11/25 19:02:42 | 001,048,824 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2014/11/25 19:02:42 | 000,889,592 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2014/11/25 19:02:42 | 000,724,728 | ---- | M] (DTS, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2014/11/25 19:02:42 | 000,246,008 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2014/11/25 19:02:42 | 000,221,024 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2014/11/25 19:02:42 | 000,081,248 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2014/11/25 19:02:42 | 000,078,688 | ---- | M] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2014/11/25 19:02:42 | 000,074,064 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2014/11/25 19:02:41 | 001,372,153 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/11/25 19:02:41 | 000,375,128 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2014/11/25 19:02:41 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2014/11/25 19:02:41 | 000,310,104 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2014/11/25 19:02:41 | 000,204,120 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2014/11/25 19:02:41 | 000,101,208 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2014/11/25 19:02:41 | 000,078,680 | ---- | M] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2014/11/25 19:02:40 | 007,164,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2014/11/25 19:02:40 | 005,751,560 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOlfx.dll
[2014/11/25 19:02:40 | 000,942,384 | ---- | M] (Nahimic Inc) -- C:\Windows\SysNative\NAHIMICAPOSettingsIPC.dll
[2014/11/25 19:02:40 | 000,434,960 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2014/11/25 19:02:40 | 000,141,584 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2014/11/25 19:02:40 | 000,124,176 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2014/11/25 19:02:40 | 000,075,024 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2014/11/25 19:02:39 | 014,048,512 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2014/11/25 19:02:39 | 012,967,680 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO3064.dll
[2014/11/25 19:02:39 | 001,313,904 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxSpeechAPO64.dll
[2014/11/25 19:02:39 | 000,979,280 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVoiceAPO2064.dll
[2014/11/25 19:02:39 | 000,662,784 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2014/11/25 19:02:38 | 002,041,432 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2014/11/25 19:02:38 | 001,499,984 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2014/11/25 19:02:38 | 001,353,472 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO6064.dll
[2014/11/25 19:02:38 | 001,136,728 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2014/11/25 19:02:38 | 000,922,880 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2014/11/25 19:02:38 | 000,663,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2014/11/25 19:02:38 | 000,603,984 | ---- | M] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2014/11/25 19:02:38 | 000,318,808 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2014/11/25 19:02:37 | 002,770,976 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2014/11/25 19:02:37 | 000,712,296 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2014/11/25 19:02:37 | 000,693,352 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2014/11/25 19:02:37 | 000,501,184 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2014/11/25 19:02:37 | 000,487,360 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2014/11/25 19:02:37 | 000,415,680 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2014/11/25 19:02:37 | 000,300,704 | ---- | M] (ICEpower a/s) -- C:\Windows\SysNative\ICEsoundAPO64.dll
[2014/11/25 19:02:36 | 006,218,072 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPP64A.dll
[2014/11/25 19:02:36 | 001,939,800 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPD64A.dll
[2014/11/25 19:02:36 | 001,756,264 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2014/11/25 19:02:36 | 001,568,360 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2014/11/25 19:02:36 | 001,486,952 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2014/11/25 19:02:36 | 000,728,680 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2014/11/25 19:02:36 | 000,491,112 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2014/11/25 19:02:36 | 000,432,744 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2014/11/25 19:02:36 | 000,428,648 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2014/11/25 19:02:36 | 000,315,736 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPO64A.dll
[2014/11/25 19:02:36 | 000,261,464 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\DDPA64.dll
[2014/11/25 19:02:36 | 000,242,792 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2014/11/25 19:02:36 | 000,242,792 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2014/11/25 19:02:36 | 000,241,768 | ---- | M] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2014/11/25 19:02:36 | 000,113,576 | ---- | M] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2014/11/25 19:02:35 | 000,109,848 | ---- | M] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/11/25 19:02:35 | 000,096,568 | ---- | M] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/11/25 19:02:26 | 000,003,008 | ---- | M] () -- C:\Windows\SysNative\drivers\DTSU2P.DAT
[2014/11/25 19:02:19 | 000,940,760 | ---- | M] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
 
========== Files Created - No Company Name ==========
 
[2014/12/02 23:13:11 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2014/12/02 23:13:11 | 000,000,894 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[2014/12/01 04:48:58 | 000,000,517 | ---- | C] () -- C:\Users\user\Documents\a.ahk
[2014/11/30 22:57:49 | 000,002,279 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/30 22:57:49 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/30 22:57:17 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/30 22:57:17 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/28 02:18:48 | 000,392,068 | ---- | C] () -- C:\Windows\SysNative\perfh00D.dat
[2014/11/28 02:18:48 | 000,229,316 | ---- | C] () -- C:\Windows\SysNative\perfi00D.dat
[2014/11/28 02:18:48 | 000,084,542 | ---- | C] () -- C:\Windows\SysNative\perfc00D.dat
[2014/11/28 02:18:48 | 000,032,166 | ---- | C] () -- C:\Windows\SysNative\perfd00D.dat
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Local\wscntfy.exe
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Roaming\lsmass.exe
[2014/11/27 03:48:08 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/11/27 03:48:07 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014/11/27 03:47:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/11/27 03:47:17 | 3173,376,000 | -HS- | C] () -- C:\hiberfil.sys
[2014/11/26 21:36:59 | 000,000,000 | -H-- | C] () -- C:\Users\user\Documents\Default.rdp
[2014/11/26 20:38:45 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/11/26 20:38:44 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/11/26 20:02:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/11/26 19:46:23 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/11/26 19:46:22 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/11/26 19:45:02 | 000,001,437 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/26 19:41:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/11/26 19:35:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/11/26 19:35:19 | 000,003,008 | ---- | C] () -- C:\Windows\SysNative\drivers\DTSU2P.DAT
[2014/11/26 19:35:17 | 002,121,008 | ---- | C] () -- C:\Windows\SysNative\SStudio.dll
[2014/11/26 19:35:16 | 005,804,772 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2014/11/26 19:35:15 | 001,372,153 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2014/11/26 19:35:07 | 000,096,568 | ---- | C] () -- C:\Windows\SysNative\audioLibVc.dll
[2014/11/26 19:35:06 | 000,109,848 | ---- | C] () -- C:\Windows\SysNative\AcpiServiceVnA64.dll
[2014/11/26 19:34:32 | 000,773,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/11/26 19:32:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/11/26 17:49:32 | 000,001,413 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/26 17:49:24 | 000,000,290 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/26 17:49:24 | 000,000,272 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/16 00:18:02 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/09/16 00:18:02 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/09/16 00:06:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/09/16 00:06:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/09/15 18:19:58 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/01 01:00:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Atropa
[2014/11/27 17:15:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ColorCop
[2014/12/01 00:55:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mylau
[2014/11/27 03:49:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++
[2014/12/01 02:10:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sizer
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
 
Copy the text in the code box by highlighting it and pressing Ctrl + C.
 
:OTL
O4 - HKCU..\Run: [Windows-Audio Driver] C:\Users\user\AppData\Local\wscntfy.exe ()
O32 - AutoRun File - [2012/11/02 22:39:44 | 000,000,059 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2014/12/04 00:51:28 | 000,000,128 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
[2014/11/27 03:48:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/11/27 03:48:10 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Local\wscntfy.exe
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Roaming\lsmass.exe
[2014/11/27 03:48:08 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/11/27 03:48:07 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
 
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]
 
 
Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\12042014-some number.log so look there if you don't see it.
 

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
 
Bedtime for me.  Will check back tomorrow.

  • 0
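Added example (not part of the thread or of OTL): one way to triage OTL log lines like those above, flagging executables in AppData that are hidden or match the 49152-byte size veg reported for USBDriver.exe, pairing copies created together, and linking them to Run entries. The function names, the flagging rules and the last sample line (constructed in OTL's O4 format) are assumptions.

```python
import re
from collections import defaultdict

# Size veg reported for USBDriver.exe in the first post of the thread.
SAMPLE_SIZE = 49152

# Lines copied from the OTL output in this thread. The final O4 line is
# constructed: the thread shows that Realtek entry only in FRST's format.
SAMPLE_LOG = r"""
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Local\wscntfy.exe
[2014/11/27 03:49:25 | 000,049,152 | -H-- | C] () -- C:\Users\user\AppData\Roaming\lsmass.exe
[2014/11/27 03:48:08 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/11/27 03:47:17 | 3173,376,000 | -HS- | C] () -- C:\hiberfil.sys
[2014/11/26 21:36:59 | 000,000,000 | -H-- | C] () -- C:\Users\user\Documents\Default.rdp
[2014/09/16 00:18:02 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
O4 - HKCU..\Run: [Windows-Audio Driver] C:\Users\user\AppData\Local\wscntfy.exe ()
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
""".strip().splitlines()

# [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| [CM]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$")
# O4 - HIVE..\Run: [value name] path (company); the path may itself contain "(x86)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$")
# Per-user AppData tree: writable without elevation.
APPDATA_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\", re.I)


def parse(lines):
    """Split OTL lines into file records and Run-key records."""
    files, runs = [], []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            files.append(rec)
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
    return files, runs


def triage(lines, sample_size=SAMPLE_SIZE):
    """Return {path: [reasons]} for entries that deserve a closer look."""
    files, runs = parse(lines)
    findings = defaultdict(list)   # keyed by lower-cased path (NTFS is case-insensitive)
    display = {}                   # lower-cased path -> path as written in the log

    for f in files:
        path = f["path"]
        if not (APPDATA_RE.match(path) and path.lower().endswith(".exe")):
            continue
        key = path.lower()
        if "H" in f["attrs"]:
            findings[key].append("hidden executable in AppData")
        if f["size"] == sample_size:
            findings[key].append(f"size equals the {sample_size}-byte sample")
        if key in findings:
            display[key] = path

    # Copies written together share creation time and size.
    groups = defaultdict(list)
    for f in files:
        if f["path"].lower() in findings:
            groups[(f["ts"], f["size"])].append(f["path"])
    for paths in groups.values():
        for p in paths:
            others = [q for q in paths if q != p]
            if others:
                findings[p.lower()].append(
                    "same size and creation time as " + ", ".join(others))

    # Autostart values that launch a flagged file, or an unsigned-looking
    # program (empty company field) from AppData.
    for r in runs:
        key = r["path"].lower()
        if key in findings or (APPDATA_RE.match(r["path"]) and not r["company"]):
            findings[key].append(f"autostart: {r['hive']} Run [{r['name']}]")
            display.setdefault(key, r["path"])

    return {display[k]: v for k, v in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```
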

#3
veg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi RKinner,

 

Thank you for your reply.

 

A note/complication: While following the steps, I've noticed that some removable USB drives that were inactive ("Ejected"), were still plugged in to my computer, and while rebooting they have turned on. Once I realized this I unplugged them, but this was after the AdwCleaner step. I didn't want to double back and redo the first couple of steps, as that was not in the instructions you gave me and would probably be confusing. Please post back if I need to do all the steps over again.

 

 

Now the pastes:

 

 

OTL (12042014_170923.log):

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows-Audio Driver deleted successfully.
C:\Users\user\AppData\Local\wscntfy.exe moved successfully.
E:\autorun.inf moved successfully.
H:\autorun.inf moved successfully.
C:\Windows\SysWOW64\license.rtf moved successfully.
C:\Windows\SysNative\license.rtf moved successfully.
File C:\Users\user\AppData\Local\wscntfy.exe not found.
C:\Users\user\AppData\Roaming\lsmass.exe moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: user
->Flash cache emptied: 22132 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: user
 
Total Java Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12042014_170923

AdwCleaner (AdwCleaner[S0].txt):

# AdwCleaner v4.103 - Report created 04/12/2014 at 17:21:37

# Updated 01/12/2014 by Xplode

# Database : 2014-12-03.1 [Live]

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : user - USER-PC

# Running from : C:\Users\user\Downloads\AdwCleaner.exe

# Option : Clean



***** [ Services ] *****





***** [ Files / Folders ] *****





***** [ Scheduled Tasks ] *****





***** [ Shortcuts ] *****





***** [ Registry ] *****





***** [ Browsers ] *****



-\\ Internet Explorer v11.0.9600.17420





-\\ Mozilla Firefox v33.1.1 (x86 en-US)



[qdsg77xs.Default User\prefs.js] - Line Deleted : user_pref("extensions.optimizegoogle.cookies.SafeSearch", "4");

[qdsg77xs.Default User\prefs.js] - Line Deleted : user_pref("extensions.optimizegoogle.cookies.enableSafeSearch", true);



-\\ Google Chrome v39.0.2171.71



[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}



-\\ Chromium v



[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}



*************************



AdwCleaner[R0].txt - [1360 octets] - [04/12/2014 17:17:24]

AdwCleaner[R1].txt - [1369 octets] - [04/12/2014 17:20:29]

AdwCleaner[S0].txt - [1608 octets] - [04/12/2014 17:21:37]



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1668 octets] ##########



JRT (JRT.txt):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.0 (11.29.2014:1)

OS: Windows 7 Ultimate x64

Ran by user on Thu 12/04/2014 at 17:35:07.05

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









~~~ Services







~~~ Registry Values







~~~ Registry Keys







~~~ Files







~~~ Folders



Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"







~~~ FireFox



Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\qdsg77xs.Default User\searchplugins\youtube-video-search.xml







~~~ Event Viewer Logs were cleared











~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 12/04/2014 at 17:36:36.02

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



 

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014

Ran by user (administrator) on USER-PC on 04-12-2014 17:39:23

Running from C:\Users\user\Downloads

Loaded Profile: user (Available profiles: user)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



==================== Processes (Whitelisted) =================



(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe

(Locktime Software) C:\Program Files\NetLimiter 3\nlsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Locktime Software) C:\Program Files\NetLimiter 3\NLClientApp.exe

(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe





==================== Registry (Whitelisted) ==================



(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-11-25] (Realtek Semiconductor)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)

HKU\S-1-5-21-831999270-2358735998-419095012-1000\...\Run: [NetLimiter] => C:\Program Files\NetLimiter 3\NLClientApp.exe [2915968 2013-10-10] (Locktime Software)

HKU\S-1-5-21-831999270-2358735998-419095012-1000\...\Run: [Windows-Audio Driver] => C:\Users\user\AppData\Local\wscntfy.exe



==================== Internet (Whitelisted) ====================



(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



HKU\S-1-5-21-831999270-2358735998-419095012-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-831999270-2358735998-419095012-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/he-il/?ocid=iehp

HKU\S-1-5-21-831999270-2358735998-419095012-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E635CB5A009D001

HKU\S-1-5-21-831999270-2358735998-419095012-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

Hosts: 0.0.0.0 q.zonja.ru

Tcpip\..\Interfaces\{26DD86C0-7E3E-493A-886E-B04F9DCFFB33}: [NameServer] 192.117.235.237 62.219.186.7



FireFox:

========

FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User

FF DefaultSearchEngine: Wikipedia (English)

FF SelectedSearchEngine: Wikipedia (English)

FF Homepage: about:blank

FF NetworkProxy: "socks_version", 4

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\firefox-add-ons.xml

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\ninjawords.xml

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\stack-overflow.xml

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\Thumbs.db

FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\searchplugins\torrentz-search.xml

FF Extension: DOM Inspector - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Stylish-Custom - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Forecastfox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2014-11-26]

FF Extension: Lightshot (screenshot tool) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-11-26]

FF Extension: FEBE - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-11-26]

FF Extension: Live HTTP Headers - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2014-11-26]

FF Extension: Mouse Gestures Redox - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} [2014-11-26]

FF Extension: Chromebug - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Classic Theme Restorer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Add-on Compatibility Reporter - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Exif Viewer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Firebug - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Hide Menubar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Element Inspector - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Status-4-Evar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Test Pilot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: The Addon Bar (restored) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\[email protected] [2014-11-26]

FF Extension: Console² - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}.xpi [2014-11-26]

FF Extension: RefControl - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2014-11-26]

FF Extension: Stylish - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2014-11-26]

FF Extension: New Tab Homepage - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi [2014-11-26]

FF Extension: Controle de Scripts - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{75e19832-90c0-4553-91a0-e5d0ac5d99fd}.xpi [2014-11-26]

FF Extension: NoUn Buttons - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{99f30549-35d4-11d9-8a2a-396c6e707e82}.xpi [2014-11-26]

FF Extension: Modify Headers - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-11-26]

FF Extension: Web Developer - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-26]

FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-26]

FF Extension: Greasemonkey - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-11-26]

FF Extension: QuickJava - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-11-26]

FF Extension: User Agent Switcher - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qdsg77xs.Default User\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-11-26]



Chrome:

=======

CHR StartupUrls: Default -> "about:blank"

CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Give Me CRX) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\acpimoebmfjpfnbhjgdgiacjfebmmmci [2014-11-30]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-30]

CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-01]

CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-30]



==================== Services (Whitelisted) =================



(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)

R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)

R2 nlsvc; C:\Program Files\NetLimiter 3\nlsvc.exe [1851008 2013-10-10] (Locktime Software)



==================== Drivers (Whitelisted) ====================



(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)

R1 nltdi; C:\Program Files\NetLimiter 3\nltdi.sys [87472 2013-06-12] (Locktime Software)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

S3 VGPU; System32\drivers\rdvgkmd.sys [X]



==================== NetSvcs (Whitelisted) ===================



(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)





==================== One Month Created Files and Folders ========



(If an entry is included in the fixlist, the file\folder will be moved.)



2014-12-04 17:39 - 2014-12-04 17:39 - 00011939 _____ () C:\Users\user\Downloads\FRST.txt

2014-12-04 17:37 - 2014-12-04 17:39 - 00000000 ____D () C:\FRST

2014-12-04 17:37 - 2014-12-04 17:37 - 02117632 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe

2014-12-04 17:36 - 2014-12-04 17:36 - 00000865 _____ () C:\Users\user\Desktop\JRT.txt

2014-12-04 17:35 - 2014-12-04 17:35 - 00000000 ____D () C:\Windows\ERUNT

2014-12-04 17:32 - 2014-12-04 17:32 - 01707646 _____ (Thisisu) C:\Users\user\Downloads\JRT.exe

2014-12-04 17:14 - 2014-12-04 17:21 - 00000000 ____D () C:\AdwCleaner

2014-12-04 17:14 - 2014-12-04 17:14 - 02154496 _____ () C:\Users\user\Downloads\AdwCleaner.exe

2014-12-04 17:09 - 2014-12-04 17:10 - 00000000 ____D () C:\Users\user\Documents\er

2014-12-04 17:09 - 2014-12-04 17:09 - 00000000 ____D () C:\_OTL

2014-12-04 02:18 - 2014-12-04 03:25 - 00000022 _____ () C:\Users\user\Desktop\good times.txt

2014-12-04 01:19 - 2014-12-04 01:19 - 00134504 _____ () C:\Users\user\Downloads\OTL.Txt

2014-12-04 00:43 - 2014-12-04 00:43 - 00034178 _____ () C:\Users\user\Downloads\Extras.Txt

2014-12-04 00:39 - 2014-12-04 00:39 - 00602112 _____ (OldTimer Tools) C:\Users\user\Downloads\OTL.exe

2014-12-03 23:43 - 2014-12-04 00:21 - 00000000 ____D () C:\mIRC

2014-12-03 16:04 - 2014-12-03 16:04 - 00000000 ____D () C:\Users\user\Downloads\MouseGesturesRedox{3.2pre.20110705}

2014-12-03 16:03 - 2014-12-03 16:03 - 00000000 ____D () C:\Users\user\Downloads\tab_kit_mouse_gestures-0.1.2-fx

2014-12-03 16:03 - 2014-12-03 16:03 - 00000000 ____D () C:\Users\user\Downloads\firegestures-1.8.7-fx

2014-12-03 15:05 - 2014-12-03 19:35 - 330338200 _____ () C:\Users\user\Downloads\v.mp4

2014-12-02 23:13 - 2014-12-02 23:16 - 00001095 _____ () C:\Users\Public\Desktop\Waterfox.lnk

2014-12-02 23:13 - 2014-12-02 23:13 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk

2014-12-02 23:13 - 2014-12-02 23:13 - 00000000 ____D () C:\Program Files\Waterfox

2014-12-02 10:53 - 2014-12-02 11:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype

2014-12-02 10:53 - 2014-12-02 10:53 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-12-02 10:53 - 2014-12-02 10:53 - 00000000 ____D () C:\Users\user\AppData\Local\Skype

2014-12-02 10:53 - 2014-12-02 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-12-02 10:52 - 2014-12-02 10:53 - 00000000 ____D () C:\ProgramData\Skype

2014-12-02 10:52 - 2014-12-02 10:52 - 00003142 _____ () C:\Windows\System32\Tasks\{D52FD557-5353-41C8-A4D3-DE0A536CE395}

2014-12-02 06:00 - 2014-12-02 06:05 - 00000000 ____D () C:\ProgramData\BlueStacksSetup

2014-12-02 06:00 - 2014-12-02 06:00 - 00000000 ____D () C:\Users\user\AppData\Local\Bluestacks

2014-12-02 06:00 - 2014-12-02 06:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

2014-12-02 06:00 - 2014-12-02 06:00 - 00000000 ____D () C:\ProgramData\BlueStacks

2014-12-02 06:00 - 2014-12-02 06:00 - 00000000 ____D () C:\Program Files (x86)\BlueStacks

2014-12-01 04:48 - 2014-12-01 05:08 - 00000517 _____ () C:\Users\user\Documents\a.ahk

2014-12-01 04:33 - 2014-12-01 04:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey

2014-12-01 04:33 - 2014-12-01 04:33 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey

2014-12-01 02:10 - 2014-12-01 02:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\Sizer

2014-12-01 02:09 - 2014-12-01 02:09 - 00000000 ____D () C:\Program Files\sizer_dev482

2014-12-01 01:00 - 2014-12-01 01:00 - 00000000 ____D () C:\Users\user\AppData\Roaming\Atropa

2014-12-01 01:00 - 2014-12-01 01:00 - 00000000 ____D () C:\Users\user\AppData\Local\Atropa

2014-12-01 00:59 - 2014-12-01 00:59 - 00000000 ____D () C:\Users\user\Downloads\XULRunner-Examples-master

2014-12-01 00:55 - 2014-12-01 00:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mylau

2014-12-01 00:55 - 2014-12-01 00:55 - 00000000 ____D () C:\Users\user\AppData\Local\Mylau

2014-12-01 00:44 - 2014-12-01 01:01 - 00000000 ____D () C:\xulrunner

2014-12-01 00:44 - 2014-12-01 00:45 - 00000000 ____D () C:\Users\user\Downloads\xulrunner-33.1.1.en-US.win32

2014-12-01 00:22 - 2014-12-01 00:22 - 00000000 ____D () C:\Users\user\.idlerc

2014-12-01 00:21 - 2014-12-01 00:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.4

2014-12-01 00:21 - 2014-12-01 00:21 - 00000000 ____D () C:\Python34

2014-12-01 00:03 - 2014-12-01 00:04 - 00000000 ____D () C:\Users\user\AppData\Local\nw-test

2014-12-01 00:00 - 2014-12-01 00:02 - 00000000 ____D () C:\Users\user\AppData\Local\node-webkit

2014-11-30 23:43 - 2014-11-30 23:43 - 00000000 ____D () C:\Users\user\Downloads\chrocha-irc-client-for-ch

2014-11-30 23:30 - 2014-11-30 23:30 - 00000000 ____D () C:\Users\user\Downloads\todoist-for-chromebook

2014-11-30 23:03 - 2014-11-30 23:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-11-30 22:59 - 2014-11-30 22:59 - 00000000 ____D () C:\Users\user\AppData\Local\Locktime

2014-11-30 22:58 - 2014-11-30 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 3

2014-11-30 22:58 - 2014-11-30 22:58 - 00000000 ____D () C:\ProgramData\Locktime

2014-11-30 22:58 - 2014-11-30 22:58 - 00000000 ____D () C:\Program Files\NetLimiter 3

2014-11-30 22:57 - 2014-12-04 17:30 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-30 22:57 - 2014-12-04 17:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-30 22:57 - 2014-11-30 22:57 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-11-30 22:57 - 2014-11-30 22:57 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-11-30 22:57 - 2014-11-30 22:57 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-11-30 22:57 - 2014-11-30 22:57 - 00000000 ____D () C:\Users\user\AppData\Local\Google

2014-11-30 22:57 - 2014-11-30 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-11-30 22:57 - 2014-11-30 22:57 - 00000000 ____D () C:\Program Files (x86)\Google

2014-11-30 22:53 - 2014-12-04 11:08 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{479D7203-8560-48B4-8A43-B75A8D058AFB}

2014-11-30 22:42 - 2014-11-30 22:42 - 00000145 _____ () C:\Users\user\Documents\err treatment.txt

2014-11-30 22:40 - 2014-11-30 22:40 - 00000000 ____D () C:\Program Files\Chrome

2014-11-28 02:18 - 2014-12-04 17:34 - 00392068 _____ () C:\Windows\system32\perfh00D.dat

2014-11-28 02:18 - 2014-12-04 17:34 - 00084542 _____ () C:\Windows\system32\perfc00D.dat

2014-11-28 02:18 - 2014-11-28 02:18 - 00229316 _____ () C:\Windows\system32\perfi00D.dat

2014-11-28 02:18 - 2014-11-28 02:18 - 00032166 _____ () C:\Windows\system32\perfd00D.dat

2014-11-28 02:18 - 2014-11-28 02:18 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer

2014-11-28 02:18 - 2014-11-28 02:18 - 00000000 ____D () C:\Windows\SysWOW64\he

2014-11-28 02:18 - 2014-11-28 02:18 - 00000000 ____D () C:\Windows\SysWOW64\Drivers\he-IL

2014-11-28 02:18 - 2014-11-28 02:18 - 00000000 ____D () C:\Windows\system32\he

2014-11-28 02:18 - 2014-11-28 02:18 - 00000000 ____D () C:\Windows\system32\Drivers\he-IL

2014-11-28 02:18 - 2014-11-28 02:18 - 00000000 ____D () C:\Windows\he-IL

2014-11-27 19:32 - 2014-11-06 05:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-11-27 19:32 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-11-27 19:32 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-11-27 19:32 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-11-27 19:32 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-11-27 16:57 - 2014-11-27 17:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\ColorCop

2014-11-27 15:40 - 2014-11-27 15:40 - 00000000 ____D () C:\Users\user\AppData\Local\Chromium

2014-11-27 15:40 - 2014-11-27 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron

2014-11-27 15:39 - 2014-11-27 15:40 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron

2014-11-27 03:47 - 2014-11-27 03:47 - 00001355 _____ () C:\Windows\TSSysprep.log

2014-11-27 03:47 - 2014-11-27 03:47 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2014-11-27 03:46 - 2014-11-26 17:49 - 00000000 ____D () C:\Windows\Panther

2014-11-27 03:43 - 2014-11-27 03:43 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieUserList

2014-11-27 03:43 - 2014-11-27 03:43 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieSiteList

2014-11-27 03:43 - 2014-11-27 03:43 - 00000000 __SHD () C:\Users\user\AppData\Local\EmieBrowserModeList

2014-11-27 03:27 - 2014-11-27 03:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2014-11-27 03:27 - 2014-11-27 03:27 - 00000000 ____D () C:\Program Files\7-Zip

2014-11-27 01:35 - 2014-11-27 03:49 - 00000000 ____D () C:\Users\user\AppData\Roaming\Notepad++

2014-11-27 01:35 - 2014-11-27 01:35 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-11-27 01:35 - 2014-11-27 01:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++

2014-11-27 01:35 - 2014-11-27 01:35 - 00000000 ____D () C:\Program Files (x86)\Notepad++

2014-11-27 01:27 - 2014-11-27 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASIS

2014-11-27 01:27 - 2014-11-27 01:27 - 00000000 ____D () C:\Program Files (x86)\EASIS

2014-11-27 00:50 - 2014-11-27 00:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Macromedia

2014-11-27 00:50 - 2014-11-27 00:50 - 00000000 ____D () C:\Users\user\AppData\Local\Macromedia

2014-11-27 00:46 - 2014-11-27 00:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-11-27 00:46 - 2014-11-27 00:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-11-27 00:46 - 2014-11-27 00:49 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe

2014-11-27 00:46 - 2014-11-27 00:46 - 00000000 ____D () C:\Windows\SysWOW64\Macromed

2014-11-27 00:46 - 2014-11-27 00:46 - 00000000 ____D () C:\Windows\system32\Macromed

2014-11-26 21:36 - 2014-11-26 21:36 - 00000000 ____H () C:\Users\user\Documents\Default.rdp

2014-11-26 21:02 - 2014-11-26 21:02 - 00000000 ____D () C:\Users\user\AppData\Roaming\Adobe

2014-11-26 20:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2014-11-26 20:38 - 2014-11-26 20:38 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-11-26 20:38 - 2014-11-26 20:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-11-26 20:38 - 2014-11-26 20:38 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-11-26 20:38 - 2014-11-26 20:38 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-11-26 20:38 - 2014-11-26 20:38 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-11-26 20:38 - 2014-11-26 20:38 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-11-26 20:38 - 2014-11-26 20:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-11-26 20:38 - 2014-11-26 20:38 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-11-26 20:38 - 2014-11-26 20:38 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-11-26 20:38 - 2014-11-26 20:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-11-26 20:38 - 2014-11-26 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2014-11-26 20:38 - 2014-11-26 20:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-11-26 20:38 - 2014-11-26 20:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-11-26 20:37 - 2014-11-26 20:37 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2014-11-26 20:37 - 2014-11-26 20:37 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-11-26 20:34 - 2014-11-26 20:34 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2014-11-26 20:33 - 2014-11-26 20:41 - 00013778 _____ () C:\Windows\IE11_main.log

2014-11-26 20:33 - 2014-11-26 20:33 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2014-11-26 20:33 - 2014-11-26 20:33 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2014-11-26 20:27 - 2014-12-03 22:59 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc

2014-11-26 20:27 - 2014-11-26 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2014-11-26 20:27 - 2014-11-26 20:27 - 00000000 ____D () C:\Program Files (x86)\VideoLAN

2014-11-26 20:07 - 2014-11-26 20:07 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-26 20:07 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-26 20:06 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys

2014-11-26 20:06 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll

2014-11-26 20:06 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2014-11-26 20:03 - 2014-11-11 05:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-26 20:03 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-26 20:03 - 2014-11-11 04:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-26 20:03 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-11-26 20:03 - 2014-10-14 04:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-11-26 20:03 - 2014-10-14 04:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-11-26 20:03 - 2014-10-14 03:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-11-26 20:03 - 2014-10-14 03:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-11-26 20:03 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-11-26 20:03 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-11-26 20:03 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-11-26 20:03 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-11-26 20:03 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-11-26 20:03 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-11-26 20:03 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-11-26 20:03 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-11-26 20:03 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2014-11-26 20:03 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-11-26 20:03 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-11-26 20:03 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-11-26 20:03 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-11-26 20:03 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-11-26 20:03 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-11-26 20:03 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-11-26 20:03 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2014-11-26 20:03 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2014-11-26 20:03 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2014-11-26 20:03 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2014-11-26 20:03 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2014-11-26 20:03 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-11-26 20:03 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2014-11-26 20:03 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2014-11-26 20:03 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll

2014-11-26 20:03 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll

2014-11-26 20:03 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll

2014-11-26 20:03 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll

2014-11-26 20:03 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll

2014-11-26 20:03 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll

2014-11-26 20:03 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll

2014-11-26 20:03 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-11-26 20:03 - 2013-10-05 22:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2014-11-26 20:03 - 2013-10-05 21:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2014-11-26 20:03 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2014-11-26 20:03 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2014-11-26 20:03 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2014-11-26 20:03 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2014-11-26 20:03 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2014-11-26 20:03 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2014-11-26 20:03 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2014-11-26 20:03 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2014-11-26 20:03 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2014-11-26 20:03 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2014-11-26 20:03 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2014-11-26 20:03 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2014-11-26 20:02 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-11-26 20:02 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-11-26 20:02 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-11-26 20:02 - 2014-10-14 04:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-11-26 20:02 - 2014-10-14 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-11-26 20:02 - 2014-10-14 03:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-11-26 20:02 - 2014-10-14 03:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-11-26 20:02 - 2014-10-03 04:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-11-26 20:02 - 2014-10-03 04:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-11-26 20:02 - 2014-10-03 04:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-11-26 20:02 - 2014-10-03 04:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-11-26 20:02 - 2014-10-03 04:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-11-26 20:02 - 2014-10-03 03:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-11-26 20:02 - 2014-10-03 03:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-11-26 20:02 - 2014-10-03 03:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-11-26 20:02 - 2014-09-19 11:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-11-26 20:02 - 2014-09-19 11:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-11-26 20:02 - 2014-09-19 11:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-11-26 20:02 - 2014-09-19 11:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-11-26 20:02 - 2014-09-19 11:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-11-26 20:02 - 2014-09-19 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-11-26 20:02 - 2014-09-19 11:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-11-26 20:02 - 2014-09-19 11:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-11-26 20:02 - 2014-09-19 11:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-11-26 20:02 - 2014-09-19 11:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-11-26 20:02 - 2014-09-19 11:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-11-26 20:02 - 2014-09-19 11:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-11-26 20:02 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-11-26 20:02 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-11-26 20:02 - 2014-08-21 08:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-11-26 20:02 - 2014-08-21 08:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-11-26 20:02 - 2014-08-21 08:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-11-26 20:02 - 2014-08-21 08:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-11-26 20:02 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2014-11-26 20:02 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

2014-11-26 20:02 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-11-26 20:02 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-11-26 20:02 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-11-26 20:02 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-11-26 20:02 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-11-26 20:02 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-11-26 20:02 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-11-26 20:02 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-11-26 20:02 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-11-26 20:02 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-11-26 20:02 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-11-26 20:02 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-11-26 20:02 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-11-26 20:02 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-11-26 20:02 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-11-26 20:02 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-11-26 20:02 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-11-26 20:02 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-11-26 20:02 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-11-26 20:02 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2014-11-26 20:02 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2014-11-26 20:02 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-11-26 20:02 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-11-26 20:02 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2014-11-26 20:02 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2014-11-26 20:02 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2014-11-26 20:02 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2014-11-26 20:02 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-11-26 20:02 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-11-26 20:02 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2014-11-26 20:02 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2014-11-26 20:02 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-11-26 20:02 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-11-26 20:02 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-11-26 20:02 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-11-26 20:02 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-11-26 20:02 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-11-26 20:02 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2014-11-26 20:02 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2014-11-26 20:02 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2014-11-26 20:02 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2014-11-26 20:02 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2014-11-26 20:02 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2014-11-26 20:02 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2014-11-26 20:02 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2014-11-26 20:02 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2014-11-26 20:02 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2014-11-26 20:02 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2014-11-26 20:02 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2014-11-26 20:02 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2014-11-26 20:02 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2014-11-26 20:02 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2014-11-26 20:02 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2014-11-26 20:02 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2014-11-26 20:02 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2014-11-26 20:02 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2014-11-26 20:02 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2014-11-26 20:02 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2014-11-26 20:02 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2014-11-26 20:02 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2014-11-26 20:02 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2014-11-26 20:02 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll

2014-11-26 20:02 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe

2014-11-26 20:02 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2014-11-26 20:02 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2014-11-26 20:02 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2014-11-26 20:02 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll

2014-11-26 20:02 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-11-26 20:02 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2014-11-26 20:02 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-11-26 20:02 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

2014-11-26 20:02 - 2012-11-29 00:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys

2014-11-26 20:02 - 2012-11-29 00:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll

2014-11-26 20:02 - 2012-11-29 00:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2014-11-26 20:02 - 2012-11-23 05:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe

2014-11-26 20:02 - 2012-11-02 07:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll

2014-11-26 20:02 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2014-11-26 20:02 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2014-11-26 20:02 - 2012-09-26 00:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll

2014-11-26 20:02 - 2012-03-17 09:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys

2014-11-26 20:02 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll

2014-11-26 20:02 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2014-11-26 20:02 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys

2014-11-26 20:02 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll

2014-11-26 20:02 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll

2014-11-26 20:02 - 2011-10-26 07:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2014-11-26 20:02 - 2011-10-26 07:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2014-11-26 20:02 - 2011-10-26 06:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2014-11-26 20:02 - 2011-10-26 06:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2014-11-26 20:02 - 2011-08-17 07:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll

2014-11-26 20:02 - 2011-08-17 07:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax

2014-11-26 20:02 - 2011-08-17 06:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll

2014-11-26 20:02 - 2011-08-17 06:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax

2014-11-26 20:02 - 2011-07-09 04:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2014-11-26 20:02 - 2011-06-15 12:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll

2014-11-26 20:02 - 2011-06-15 12:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll

2014-11-26 20:02 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll

2014-11-26 20:02 - 2011-06-15 12:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll

2014-11-26 20:02 - 2011-06-15 10:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll

2014-11-26 20:02 - 2011-06-15 10:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll

2014-11-26 20:02 - 2011-06-15 10:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll

2014-11-26 20:02 - 2011-06-15 10:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll

2014-11-26 20:02 - 2011-06-15 10:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll

2014-11-26 20:02 - 2011-05-24 13:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll

2014-11-26 20:02 - 2011-05-24 12:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll

2014-11-26 20:02 - 2011-05-24 12:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll

2014-11-26 20:02 - 2011-05-24 12:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll

2014-11-26 20:02 - 2011-05-24 12:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe

2014-11-26 20:02 - 2011-04-29 05:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2014-11-26 20:02 - 2011-04-29 05:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2014-11-26 20:02 - 2011-04-29 05:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2014-11-26 20:02 - 2011-04-27 04:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2014-11-26 20:02 - 2011-04-27 04:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2014-11-26 20:02 - 2011-04-09 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2014-11-26 20:02 - 2011-04-09 07:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2014-11-26 20:02 - 2011-03-11 08:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll

2014-11-26 20:02 - 2011-03-11 08:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll

2014-11-26 20:02 - 2011-03-11 07:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll

2014-11-26 20:02 - 2011-03-11 07:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll

2014-11-26 20:02 - 2011-03-03 08:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll

2014-11-26 20:02 - 2011-03-03 08:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

2014-11-26 20:02 - 2011-03-03 08:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe

2014-11-26 20:02 - 2011-03-03 07:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll

2014-11-26 20:02 - 2011-03-03 07:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe

2014-11-26 20:02 - 2011-02-05 19:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2014-11-26 20:02 - 2011-02-05 19:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll

2014-11-26 20:02 - 2011-02-05 19:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll

2014-11-26 20:02 - 2011-02-05 19:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll

2014-11-26 20:02 - 2011-02-05 19:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2014-11-26 20:02 - 2011-02-05 19:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2014-11-26 20:02 - 2011-02-05 19:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2014-11-26 20:02 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2014-11-26 20:02 - 2010-12-23 12:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll

2014-11-26 20:02 - 2010-12-23 12:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll

2014-11-26 20:02 - 2010-12-23 12:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax

2014-11-26 20:02 - 2010-12-23 07:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll

2014-11-26 20:02 - 2010-12-23 07:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll

2014-11-26 20:02 - 2010-12-23 07:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax

2014-11-26 20:01 - 2014-10-10 02:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-26 20:01 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-11-26 20:01 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-11-26 20:01 - 2014-07-17 04:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-11-26 20:01 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-11-26 20:01 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-11-26 20:01 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-11-26 20:01 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-11-26 20:01 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-11-26 20:01 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-11-26 20:01 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-11-26 20:01 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-11-26 20:01 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-11-26 20:01 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-11-26 20:01 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-11-26 20:01 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-11-26 20:01 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-11-26 20:01 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-11-26 20:01 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-11-26 20:01 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-11-26 20:01 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-11-26 20:01 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-11-26 20:01 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-11-26 20:01 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-11-26 20:01 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2014-11-26 20:01 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2014-11-26 20:01 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2014-11-26 20:01 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2014-11-26 20:01 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2014-11-26 20:01 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2014-11-26 20:01 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2014-11-26 20:01 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2014-11-26 20:01 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2014-11-26 20:01 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2014-11-26 20:01 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2014-11-26 20:01 - 2013-07-04 14:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-11-26 20:01 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2014-11-26 20:01 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2014-11-26 20:01 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2014-11-26 20:01 - 2012-07-05 00:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll

2014-11-26 20:01 - 2012-07-05 00:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll

2014-11-26 20:01 - 2012-07-05 00:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll

2014-11-26 20:01 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2014-11-26 20:01 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2014-11-26 20:01 - 2012-06-06 08:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll

2014-11-26 20:01 - 2012-06-06 07:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2014-11-26 20:01 - 2012-05-14 07:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2014-11-26 20:01 - 2012-04-26 07:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll

2014-11-26 20:01 - 2012-04-26 07:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe

2014-11-26 20:01 - 2011-12-16 10:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll

2014-11-26 20:01 - 2011-12-16 09:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll

2014-11-26 20:01 - 2011-10-15 08:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll

2014-11-26 20:01 - 2011-10-15 07:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll

2014-11-26 20:01 - 2011-08-27 07:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll

2014-11-26 20:01 - 2011-08-27 06:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll

2014-11-26 20:01 - 2011-05-03 07:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2014-11-26 20:01 - 2011-05-03 06:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2014-11-26 20:01 - 2011-02-12 13:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe

2014-11-26 20:00 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-11-26 20:00 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-11-26 19:59 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-11-26 19:59 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2014-11-26 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-11-26 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-11-26 19:59 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2014-11-26 19:59 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2014-11-26 19:59 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2014-11-26 19:59 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2014-11-26 19:59 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2014-11-26 19:59 - 2011-02-23 06:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys

2014-11-26 19:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-11-26 19:55 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-11-26 19:55 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-11-26 19:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-11-26 19:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-11-26 19:55 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-11-26 19:55 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-11-26 19:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-11-26 19:55 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-11-26 19:55 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-11-26 19:55 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-11-26 19:55 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-11-26 19:55 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-11-26 19:55 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-11-26 19:51 - 2014-11-26 19:51 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Files Finder

2014-11-26 19:51 - 2014-11-26 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Files Finder

2014-11-26 19:51 - 2014-11-26 19:51 - 00000000 ____D () C:\Program Files (x86)\Duplicate Files Finder

2014-11-26 19:46 - 2014-11-26 20:11 - 00001179 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-26 19:46 - 2014-11-26 19:46 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-11-26 19:46 - 2014-11-26 19:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla

2014-11-26 19:46 - 2014-11-26 19:46 - 00000000 ____D () C:\Users\user\AppData\Local\Mozilla

2014-11-26 19:46 - 2014-11-26 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-26 19:41 - 2014-11-26 19:41 - 00057560 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-26 19:41 - 2014-11-26 19:41 - 00000000 ____D () C:\Users\user\AppData\Roaming\ATI

2014-11-26 19:41 - 2014-11-26 19:41 - 00000000 ____D () C:\Users\user\AppData\Local\ATI

2014-11-26 19:41 - 2014-11-26 19:41 - 00000000 ____D () C:\ProgramData\ATI

2014-11-26 19:41 - 2014-11-26 19:41 - 00000000 _____ () C:\Windows\ativpsrm.bin

2014-11-26 19:40 - 2014-11-26 19:40 - 00056548 _____ () C:\Windows\SysWOW64\CCCInstall_201411261940202722.log

2014-11-26 19:40 - 2014-11-26 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center

2014-11-26 19:40 - 2014-11-26 19:40 - 00000000 ____D () C:\ProgramData\AMD

2014-11-26 19:40 - 2014-11-26 19:40 - 00000000 ____D () C:\Program Files\AMD

2014-11-26 19:40 - 2014-11-26 19:40 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies

2014-11-26 19:40 - 2014-11-26 19:40 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

2014-11-26 19:39 - 2014-11-26 19:39 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies

2014-11-26 19:38 - 2014-11-26 19:39 - 00000000 ____D () C:\ProgramData\Package Cache

2014-11-26 19:38 - 2014-11-26 19:38 - 00000000 ____D () C:\Program Files\ATI Technologies

2014-11-26 19:38 - 2014-11-26 19:38 - 00000000 ____D () C:\Program Files\ATI

2014-11-26 19:37 - 2014-11-26 19:37 - 00000000 ____D () C:\Intel

2014-11-26 19:37 - 2014-11-26 19:37 - 00000000 ____D () C:\AMD

2014-11-26 19:35 - 2014-11-26 19:35 - 00000000 ____H () C:\ProgramData\DP45977C.lfl

2014-11-26 19:35 - 2014-11-26 19:35 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM

2014-11-26 19:35 - 2014-11-26 19:35 - 00000000 ____D () C:\Program Files\Realtek

2014-11-26 19:35 - 2014-11-25 19:02 - 68499456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat

2014-11-26 19:35 - 2014-11-25 19:02 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 12967680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 06218072 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat

2014-11-26 19:35 - 2014-11-25 19:02 - 05751560 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 04234456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys

2014-11-26 19:35 - 2014-11-25 19:02 - 03186544 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 02860760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 02857328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 02121008 _____ () C:\Windows\system32\SStudio.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl

2014-11-26 19:35 - 2014-11-25 19:02 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01545408 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01499984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01411096 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01372153 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT

2014-11-26 19:35 - 2014-11-25 19:02 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01353472 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01136728 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00979280 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00958680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00629464 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00451096 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00366104 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00326680 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00326680 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00300704 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00096568 _____ () C:\Windows\system32\audioLibVc.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll

2014-11-26 19:35 - 2014-11-25 19:02 - 00003008 _____ () C:\Windows\system32\Drivers\DTSU2P.DAT

2014-11-26 19:34 - 2014-11-26 20:49 - 00773568 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-11-26 19:34 - 2014-11-26 19:35 - 00000000 ___HD () C:\Program Files (x86)\Temp

2014-11-26 19:34 - 2014-11-25 19:02 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll

2014-11-26 19:32 - 2014-11-26 19:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-11-26 19:32 - 2014-11-26 19:35 - 00000000 ____D () C:\Program Files (x86)\Realtek

2014-11-26 19:32 - 2014-11-26 19:32 - 00001769 _____ () C:\Windows\Language_trs.ini

2014-11-26 19:32 - 2014-11-25 19:02 - 00940760 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys

2014-11-26 19:32 - 2014-11-25 19:02 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll

2014-11-26 19:32 - 2014-11-25 19:02 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll

2014-11-26 19:30 - 2014-11-26 19:30 - 00000000 ____D () C:\Users\user\AppData\Local\Apps\2.0

2014-11-26 17:51 - 2014-11-27 05:29 - 00000000 ____D () C:\inetpub

2014-11-26 17:51 - 2014-11-26 17:51 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices

2014-11-26 17:49 - 2014-12-04 17:33 - 01963273 _____ () C:\Windows\WindowsUpdate.log

2014-11-26 17:49 - 2014-12-01 02:06 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore

2014-11-26 17:49 - 2014-11-26 21:02 - 00001413 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-11-26 17:49 - 2014-11-26 17:49 - 00000020 ___SH () C:\Users\user\ntuser.ini

2014-11-26 17:49 - 2014-11-26 17:49 - 00000000 __SHD () C:\Recovery

2014-11-26 17:49 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-26 17:49 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance



==================== One Month Modified Files and Folders =======



(If an entry is included in the fixlist, the file\folder will be moved.)



2014-12-04 17:34 - 2009-07-14 07:13 - 01247866 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-12-04 17:30 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-12-04 17:30 - 2009-07-14 06:51 - 00027487 _____ () C:\Windows\setupact.log

2014-12-04 17:29 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-04 17:29 - 2009-07-14 06:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-04 17:23 - 2010-11-21 05:47 - 00019744 _____ () C:\Windows\PFRO.log

2014-12-04 00:32 - 2014-09-11 08:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\Desktop\procexp.exe

2014-12-04 00:32 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\Desktop\autoruns.exe

2014-12-04 00:32 - 2014-09-11 08:57 - 00505536 _____ (Sysinternals - www.sysinternals.com) C:\Users\user\Desktop\autorunsc.exe

2014-12-02 06:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries

2014-12-01 16:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-12-01 04:33 - 2011-04-12 10:28 - 00000000 ____D () C:\Windows\ShellNew

2014-11-30 22:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-11-30 22:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-28 09:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL

2014-11-28 09:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL

2014-11-28 02:18 - 2011-04-12 10:28 - 00000000 ____D () C:\Program Files\Windows Journal

2014-11-28 02:18 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\SysWOW64\winrm

2014-11-28 02:18 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\SysWOW64\WCN

2014-11-28 02:18 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\system32\winrm

2014-11-28 02:18 - 2011-04-12 10:17 - 00000000 ____D () C:\Windows\system32\WCN

2014-11-28 02:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar

2014-11-28 02:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2014-11-28 02:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender

2014-11-28 02:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker

2014-11-28 02:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar

2014-11-28 02:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer

2014-11-28 02:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\oobe

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\MUI

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\migwiz

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\servicing

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME

2014-11-28 02:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System

2014-11-27 05:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv

2014-11-27 05:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv

2014-11-27 05:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration

2014-11-27 03:48 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-11-27 03:48 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-11-27 03:47 - 2011-04-12 10:28 - 00000000 ____D () C:\Windows\CSC

2014-11-27 03:47 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log

2014-11-27 03:46 - 2009-07-14 07:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG

2014-11-27 03:46 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template

2014-11-26 20:59 - 2009-07-14 06:45 - 00265552 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-26 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK

2014-11-26 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR

2014-11-26 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK

2014-11-26 20:56 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR

2014-11-26 19:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-11-26 17:51 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore

2014-11-04 14:30 - 2010-11-21 05:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe



Some content of TEMP:

====================

C:\Users\user\AppData\Local\Temp\Quarantine.exe

C:\Users\user\AppData\Local\Temp\sqlite3.dll

C:\Users\user\AppData\Local\Temp\xmlUpdater.exe





==================== Bamital & volsnap Check =================



(There is no automatic fix for files that do not pass verification.)



C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed





LastRegBack: 2014-11-27 06:03



==================== End Of Log ============================
 

 

 

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014

Ran by user at 2014-12-04 17:39:40

Running from C:\Users\user\Downloads

Boot Mode: Normal

==========================================================





==================== Security Center ========================



(If an entry is included in the fixlist, it will be removed.)



AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



==================== Installed Programs ======================



(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)

BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)

BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)

Duplicate Files Finder (HKLM-x32\...\Duplicate Files Finder) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)

NetLimiter 3 (HKLM-x32\...\NetLimiter 3 3.0.0.11) (Version: 3.0.0.11 - Locktime Software)

NetLimiter 3 (Version: 3.0.0.11 - Locktime Software) Hidden

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)

Python 3.4.2 (HKLM-x32\...\{2583CDBA-8A53-4622-BB67-1D163714C1B4}) (Version: 3.4.16349 - Python Software Foundation)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

SRWare Iron version SRWare Iron 38.2050.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 38.2050.0 - SRWare)

Uninstall EASIS Data Recovery (HKLM-x32\...\{5A399860-BBC3-4FA2-976E-FBE94A0C62E3}_is1) (Version: 4.4.1 - EASIS Technologies)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Waterfox 33.0.2 (x64 en-US) (HKLM\...\Waterfox 33.0.2 (x64 en-US)) (Version: 33.0.2 - Mozilla)



==================== Custom CLSID (selected items): ==========================



(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)





==================== Restore Points  =========================



30-11-2014 20:58:08 Installed NetLimiter 3

30-11-2014 22:21:08 Installed Python 3.4.2



==================== Hosts content: ==========================



(If needed Hosts: directive could be included in the fixlist to reset Hosts.)



2009-07-14 04:34 - 2014-12-04 00:10 - 00000844 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 q.zonja.ru



==================== Scheduled Tasks (whitelisted) =============



(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)



Task: {1123533C-0557-4C74-9137-4DDF452D2504} - System32\Tasks\{D52FD557-5353-41C8-A4D3-DE0A536CE395} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.22.64.107&amp;LastError=-9

Task: {1B8FC01B-99D5-4E66-9AF9-B7F7E1B11305} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)

Task: {94007167-714A-433B-8889-D16562B13A07} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-30] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe



==================== Loaded Modules (whitelisted) =============



2011-03-21 16:19 - 2011-03-21 16:19 - 00053248 _____ () C:\Program Files\NetLimiter 3\nlsvcPS.dll

2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll



==================== Alternate Data Streams (whitelisted) =========



(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)





==================== Safe Mode (whitelisted) ===================



(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)





==================== EXE Association (whitelisted) =============



(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)





==================== MSCONFIG/TASK MANAGER disabled items =========



(Currently there is no automatic fix for this section.)





========================= Accounts: ==========================



Administrator (S-1-5-21-831999270-2358735998-419095012-500 - Administrator - Disabled)

Guest (S-1-5-21-831999270-2358735998-419095012-501 - Limited - Disabled)

user (S-1-5-21-831999270-2358735998-419095012-1000 - Administrator - Enabled) => C:\Users\user



==================== Faulty Device Manager Devices =============



Name: SM Bus Controller

Description: SM Bus Controller

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



Name: Universal Serial Bus (USB) Controller

Description: Universal Serial Bus (USB) Controller

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



Name:

Description:

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



Name: PCI Simple Communications Controller

Description: PCI Simple Communications Controller

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.





==================== Event log errors: =========================



Application errors:

==================



System errors:

=============



Microsoft Office Sessions:

=========================



==================== Memory info ===========================



Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz

Percentage of memory in use: 23%

Total physical RAM: 4035.16 MB

Available physical RAM: 3090.57 MB

Total Pagefile: 8068.49 MB

Available Pagefile: 6996 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB



==================== Drives ================================



Drive c: () (Fixed) (Total:54.9 GB) (Free:25.8 GB) NTFS

Drive e: (Elements) (Fixed) (Total:465.73 GB) (Free:217.72 GB) NTFS

Drive h: (UUI) (Removable) (Total:58.43 GB) (Free:56.47 GB) FAT32



==================== MBR & Partition Table ==================



========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00074D4E)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=54.9 GB) - (Type=07 NTFS)



========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: BE559410)

Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)



========================================================

Disk: 2 (Size: 58.5 GB) (Disk ID: 00000000)



Partition: GPT Partition Type.



==================== End Of Log ============================
 

 


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

Looks like it's gone for now.  Does appear that you need the latest Intel Chipset utility:

 

http://www.intel.com...b/CS-013541.htm

 

After you install the chipset utility then:

 

 
Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.

  • 0

#5
veg

veg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Wow this is great. This time I manually deleted USBDriver.exe and it didn't come back after unplugging and replugging the USB flash drive. Thank you so much!!

 

Do you think I can now plug in the other USB flash drives that were infected, without any further steps, and manually remove the USBDriver.exe? Or would I need to repeat the process for them?

 

Pastes:

 

CMD:

C:\Windows\system32>sfc /scannow



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.

Verification 100% complete.



Windows Resource Protection did not find any integrity violations.

Event Viewer:

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 04/12/2014 19:30:27



Note: All dates below are in the format dd/mm/yyyy



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 04/12/2014 17:24:23

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name google.com timed out after none of the configured DNS servers responded.

 

Event Viewer:

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 04/12/2014 19:31:33



Note: All dates below are in the format dd/mm/yyyy



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 04/12/2014 17:26:03

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

If it spreads with autorun.inf and you have autorun turned off then it should be safe. That said there are a few that infect with a bad desktop.ini so when you look at the file with Explorer it will get you. You might want to look at them with a Command Prompt. Start, All Programs, Accessories then right click on Command Prompt and Run As Admin. Insert the USB, note the drive letter shown in the popup window, cancel the popup window that asks you what you want to do then in the Command window type:

e:

This should select the usb drive.  If it has another letter use that instead but e is what you had before.  If that's not the correct letter and the popup window doesn't show you can copy the next line:

wmic logicaldisk get deviceid, volumename, description

then right click in the Command window and Paste or Edit then Paste

cd  \  
dir  /a  /s *.*

This should show you all files on the USB.  If you see USBDriver.exe in the \ folder then to delete it:

del  \USBDriver.exe

or if it's in the autorun folder then 

del  \autorun\USBDriver.exe

If the del command says it can't find the file then do:

attrib  -r  -h  -s  \USBDriver.exe

or 

attrib  -r  -h  -s  \autorun\USBDriver.exe

A trick to keep it from coming back on a USB is to make a folder of the same name.  Windows won't allow a file of the same name as a folder in the same folder so:

mkdir  \USBDriver.exe
mkdir  \desktop.ini
mkdir  \autorun.inf

or 

mkdir  \autorun\USBDriver.exe
mkdir  \desktop.ini
mkdir  \autorun.inf

will immunize a USB drive against infection.  You can copy all three lines and right click and Paste or Edit then Paste and hit Enter instead of typing.

 

Do you have any other problems?


  • 0
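The check described in the post above, as an added example that is not part of the original post: a Python audit of a USB drive root that reports whether each name from this thread is absent, a file, or already a blocking folder, and which programs an autorun.inf would launch. The function names and the sample drive contents are constructed for illustration; the script also runs from Linux, where the topic starter cleaned the drives.

```python
import os
import tempfile

# File names discussed in this thread; the same-name-folder trick applies to each.
GUARD_NAMES = ("USBDriver.exe", "autorun.inf", "desktop.ini")
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")  # keys that start a program

def autorun_targets(inf_path):
    """Return the programs an autorun.inf would launch (from its [autorun] section)."""
    targets, in_section = [], False
    with open(inf_path, "r", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if line.startswith("["):
                in_section = line.lower() == "[autorun]"
            elif in_section and "=" in line and not line.startswith(";"):
                key, value = (part.strip() for part in line.split("=", 1))
                if key.lower() in LAUNCH_KEYS:
                    targets.append(value)
    return targets

def audit_drive(root):
    """Classify each guard name in the drive root as absent, file or folder.

    Names are matched case-insensitively, as FAT32/NTFS do, and os.listdir
    includes hidden and system entries, like `dir /a`.
    """
    entries = {name.lower(): name for name in os.listdir(root)}
    report = {}
    for guard in GUARD_NAMES:
        actual = entries.get(guard.lower())
        if actual is None:
            report[guard] = "absent"
        elif os.path.isdir(os.path.join(root, actual)):
            report[guard] = "folder (name is blocked)"
        else:
            report[guard] = "FILE (inspect or delete)"
    inf = entries.get("autorun.inf")
    if inf and report["autorun.inf"].startswith("FILE"):
        report["launches"] = autorun_targets(os.path.join(root, inf))
    return report

def demo():
    """Audit a constructed stand-in for a USB root (temporary directory)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write("[AutoRun]\n; constructed sample\nopen=USBDriver.exe\nicon=drive.ico\n")
        open(os.path.join(root, "USBDriver.exe"), "wb").close()  # empty placeholder
        os.mkdir(os.path.join(root, "desktop.ini"))              # already guarded
        return audit_drive(root)
```

To check a real drive, call `audit_drive` with its root, for example `audit_drive("E:\\")` on Windows or the mount point on Linux.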

#7
veg

veg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

It seems to be OK now. No other problems. Thank you again!


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Copy the following:
 
 
:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
 
Right click on OTL and Run As Administrator.   In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.
 
That will get the last of the malware off the system.
 
 
 
You can uninstall or delete any tools we had you download and their logs. 
 
If we ran Combofix: To uninstall Combofix, copy the next line:
 
"%userprofile%\Desktop\combofix.exe" /Uninstall
 
Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.
 
 
 
OTL has a cleanup tab but DO NOT USE IT!  There are reports that it leaves the PC unbootable.  Instead just delete OTL.exe and the folder c:\_OTL.
 
To hide hidden files again:
 
Vista or Win7
 
# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the  checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer. 
 
Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
 
Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit Reader except you uncheck Enable Javascript Actions. 
 
Unless you have the latest version of Avast which has its own update checker:  To help keep your programs up-to-date you should download and run the UpdateChecker: 
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it.  Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
 Seems to work best if Firefox is the default browser.  Windows always hides its icon so you need to unhide it.  Click on the up arrow to the left of the clock.  Then click on Customize.  Maximize the window so you can see all of the options.  Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications.  OK.  When you reboot you should see the icon.  It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser.  (Seems to work best if it uses Firefox.  If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results.  Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it.  While there, also check Hide Beta Versions.  OK. )  You will see a list of programs that have updates with green down arrows next to them.  You do not need to download any Beta Versions.  There is an option Settings to Hide Beta Versions.  I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases.  OK. 
 
You can also try Secunia PSI http://secunia.com/v...l/download_psi/  Same kind of info.  You don't need both.
 
If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox .  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
Due to a recent rise in the number of CryptoLocker infections I am now recommending you install:
 
CryptoPrevent
 
 
The free version does not update on its own so you should check for updated versions once in a while.
 
 
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
Make sure Windows Updates is turned on and that it works.  Go to Control Panel, Windows Updates and see if it works.  
 
 
My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)
 
Ron

  • 0





