Boot Virus? [Solved]


  • This topic is locked

#1
nun-coffee

    New Member

  • Member
  • 9 posts

TY for help. Comp wouldn't let me download Windows updates, desktop would go black and taskbar freeze: sometimes right clicking on desktop would fix problem, sometimes need to unplug, Avira would scan then close without giving results, very slow machine (i7 Haswell, 16 GB RAM) slower than my previous i3/8 GB RAM, missing programs or more than one instance of a program.

 

Did full reformat of HD yesterday (both partitions), went online and installed clean versions of Avira, Peerblock, Opera and Eraser. Put nothing else on machine. Avira full system scan now gives results (clean system), all other problems remain. Also now can't burn discs, Windows update freezes machine or runs for hours but downloads nothing.

 

Today turned machine off then back on, said it was installing Windows updates, control panel screen says "updates were installed"  but underneath this it says "Updates were installed: Never"

Has done this twice now and both times same 125 updates of same size that I have been trying to install since reformat were waiting to be downloaded. 


#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi nun-coffee

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

Let's get a closer look at your system, please:

STEP 1

Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Since you did not mention if 32 or 64 bit, please download both. Only one will run and that is the correct one to save.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this, please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

STEP 2

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Information to Reply with >>>>
  • The FRST.txt log text
  • The Addition.txt log text
  • The TDSSKiller scan log text

#3
nun-coffee

    New Member

  • Topic Starter
  • Member
  • 9 posts

Hi dbreeze, TY for fast response.  Logs as requested;

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Administrator (administrator) on JOHN on 23-01-2015 17:15:06
Running from C:\Users\Administrator\Desktop
Loaded Profiles: UpdatusUser & Administrator (Available profiles: UpdatusUser & johns & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2013-05-22] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [452608 2013-01-28] (Realtek Semiconductor Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-04-18] (MSI)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [407968 2013-04-18] (MSI)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1085512 2015-01-12] (The Eraser Project)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] => c:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2013-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3683744004-2234847076-2787530182-500\...\Run: [PeerBlock] => C:\Program Files\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3683744004-2234847076-2787530182-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] True
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-05-22] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3683744004-2234847076-2787530182-500\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
HKU\S-1-5-21-3683744004-2234847076-2787530182-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
SearchScopes: HKU\S-1-5-21-3683744004-2234847076-2787530182-500 -> DefaultScope {5EA1E858-FEE6-44C5-A7B3-D8A977A131E6} URL = 
SearchScopes: HKU\S-1-5-21-3683744004-2234847076-2787530182-500 -> {5EA1E858-FEE6-44C5-A7B3-D8A977A131E6} URL = 
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2015-01-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-21] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [39424 2012-12-07] () [File not signed]
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99664 2013-05-22] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-15] (IObit)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2013-05-22] (Realtek Semiconductor)
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-01-15] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [524360 2013-05-22] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1552456 2013-05-22] (Realtek Semiconductor Corporation                           )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 19:40 - 2015-01-23 20:51 - 00003252 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3683744004-2234847076-2787530182-500
2015-01-23 19:39 - 2015-01-23 20:51 - 00003370 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3683744004-2234847076-2787530182-500
2015-01-23 17:12 - 2015-01-23 17:12 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2015-01-23 17:11 - 2015-01-23 17:11 - 02126848 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-01-23 16:32 - 2015-01-23 16:32 - 00010700 _____ () C:\Users\Administrator\Desktop\Addition.txt
2015-01-23 16:25 - 2015-01-23 17:15 - 00011978 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-01-23 16:25 - 2015-01-23 17:15 - 00000000 ____D () C:\FRST
2015-01-23 16:01 - 2015-01-23 16:33 - 00000000 ____D () C:\VLlUCcl]N=dXgk']_]
2015-01-23 15:46 - 2014-10-23 12:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-01-23 15:46 - 2014-10-23 11:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-01-23 15:46 - 2013-07-06 00:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-01-23 15:46 - 2013-07-05 22:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2015-01-23 15:46 - 2013-07-05 22:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2015-01-23 15:46 - 2013-07-04 02:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-01-23 15:46 - 2013-06-22 05:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-01-23 15:46 - 2013-06-22 05:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2015-01-23 15:45 - 2013-10-19 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2015-01-23 15:45 - 2013-10-19 04:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2015-01-23 15:45 - 2013-07-01 22:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2015-01-23 15:45 - 2013-06-29 03:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2015-01-23 15:45 - 2013-06-29 03:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2015-01-23 15:44 - 2014-12-19 06:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-23 15:42 - 2013-05-26 23:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-01-23 15:42 - 2013-05-26 22:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-01-23 15:42 - 2013-05-25 03:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-01-23 15:42 - 2013-05-25 02:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-01-23 15:41 - 2014-12-11 06:51 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-23 15:41 - 2013-09-28 03:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-01-23 15:41 - 2013-01-16 00:25 - 01437696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-01-23 15:41 - 2013-01-16 00:23 - 01690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-01-23 15:33 - 2014-09-03 02:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2015-01-23 15:33 - 2014-09-03 02:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-01-23 15:23 - 2014-10-09 04:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-01-23 15:23 - 2014-10-09 04:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-01-23 15:23 - 2014-10-09 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-01-23 15:23 - 2014-10-09 03:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-01-23 15:23 - 2014-10-09 03:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-01-23 14:34 - 2015-01-23 16:23 - 00000030 _____ () C:\Users\Administrator\Downloads\contact gen.txt
2015-01-23 13:39 - 2015-01-23 13:43 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 13:39 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-23 13:23 - 2015-01-05 23:28 - 00714176 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-23 13:23 - 2015-01-05 23:28 - 00106440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 12:57 - 2014-06-10 22:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-01-23 12:57 - 2014-06-10 22:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-01-23 12:54 - 2014-05-29 22:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-01-23 12:54 - 2014-04-19 09:39 - 00628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2015-01-23 12:54 - 2014-04-19 08:45 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-01-23 12:54 - 2014-04-19 08:45 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-01-23 12:54 - 2014-04-19 06:57 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-01-23 12:54 - 2014-04-19 06:57 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-01-23 12:54 - 2014-01-31 00:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-01-23 12:54 - 2014-01-12 23:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2015-01-23 12:54 - 2014-01-12 23:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2015-01-23 12:54 - 2013-11-20 00:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-01-23 12:54 - 2013-11-19 23:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-01-23 12:54 - 2013-07-19 22:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-23 12:54 - 2013-07-19 22:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-23 12:54 - 2013-07-02 01:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-01-23 12:54 - 2013-07-02 01:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-01-23 12:54 - 2013-07-02 01:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2015-01-23 12:54 - 2013-05-04 06:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-01-23 12:54 - 2013-05-04 04:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2015-01-23 12:54 - 2012-11-10 04:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-01-23 12:54 - 2012-11-10 04:22 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
2015-01-23 12:54 - 2012-11-10 04:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
2015-01-23 12:54 - 2012-11-10 04:20 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
2015-01-23 12:53 - 2014-10-30 07:20 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-01-23 12:53 - 2014-10-30 05:22 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-01-23 12:53 - 2014-10-11 07:45 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-01-23 12:53 - 2014-10-11 07:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-01-23 12:53 - 2014-10-11 07:44 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-01-23 12:53 - 2014-10-11 07:43 - 02307072 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-01-23 12:53 - 2014-10-11 05:58 - 08858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-01-23 12:53 - 2014-10-11 05:57 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-01-23 12:53 - 2014-10-11 05:57 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-01-23 12:53 - 2014-10-11 05:56 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-01-23 12:53 - 2014-06-12 23:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-01-23 12:53 - 2014-06-12 23:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-01-23 12:53 - 2013-08-23 07:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-01-23 12:53 - 2013-08-23 01:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-01-23 12:53 - 2013-04-02 23:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
2015-01-23 12:53 - 2013-04-02 23:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2015-01-23 12:52 - 2013-12-04 23:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2015-01-23 12:52 - 2013-12-04 23:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2015-01-23 12:51 - 2014-12-11 07:35 - 06973248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-23 12:51 - 2013-03-22 03:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-01-23 12:51 - 2013-03-21 22:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-01-23 12:49 - 2014-08-21 23:56 - 01418752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-01-23 12:49 - 2014-08-21 23:27 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-01-23 12:49 - 2013-11-01 05:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2015-01-23 12:49 - 2013-11-01 03:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2015-01-23 12:49 - 2013-10-10 09:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2015-01-23 12:49 - 2013-10-10 09:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2015-01-23 12:49 - 2013-10-10 09:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2015-01-23 12:49 - 2013-10-10 09:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2015-01-23 12:49 - 2013-10-10 09:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2015-01-23 12:49 - 2013-10-10 09:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2015-01-23 12:49 - 2013-10-10 09:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2015-01-23 12:49 - 2013-03-15 00:17 - 00861184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-01-23 12:49 - 2012-10-24 03:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2015-01-23 12:49 - 2012-10-24 02:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2015-01-23 12:48 - 2014-11-05 06:40 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-01-23 12:48 - 2014-11-05 06:39 - 01024512 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-01-23 12:48 - 2014-11-01 06:28 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-01-23 12:48 - 2014-10-29 14:21 - 00499008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-23 12:48 - 2014-10-27 22:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-23 12:48 - 2014-10-01 23:05 - 04068864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-01-23 12:48 - 2014-09-24 23:29 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-01-23 12:48 - 2014-09-24 23:29 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-01-23 12:48 - 2014-09-24 23:01 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-01-23 12:48 - 2014-09-24 23:01 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-01-23 12:48 - 2014-08-28 06:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-01-23 12:48 - 2014-08-09 08:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-01-23 12:48 - 2014-08-09 08:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2015-01-23 12:48 - 2014-02-05 23:41 - 01257984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2015-01-23 12:48 - 2014-02-05 23:19 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2015-01-23 12:48 - 2013-07-01 01:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-01-23 12:48 - 2013-07-01 01:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-01-23 12:48 - 2013-07-01 01:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-01-23 12:48 - 2013-07-01 01:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-01-23 12:48 - 2013-06-29 03:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-01-23 12:48 - 2013-06-29 03:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-01-23 12:48 - 2013-04-11 22:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-01-23 12:48 - 2013-04-11 22:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-01-23 12:47 - 2014-11-15 06:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-23 12:47 - 2014-11-15 05:13 - 03286016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-23 12:47 - 2014-11-15 05:13 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-23 12:47 - 2014-11-15 05:13 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-23 12:47 - 2014-11-15 05:13 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-23 12:47 - 2014-11-15 05:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-23 12:47 - 2014-11-15 05:13 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-23 12:47 - 2014-11-15 05:13 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-23 12:47 - 2014-11-15 05:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-01-23 12:47 - 2014-11-15 03:54 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-23 12:47 - 2014-11-15 03:53 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-23 12:47 - 2014-11-15 03:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-23 12:47 - 2014-11-15 03:53 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-23 12:46 - 2014-10-11 07:44 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-01-23 12:46 - 2014-10-11 05:41 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-01-23 12:46 - 2014-10-11 05:41 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-01-23 12:46 - 2014-10-11 05:05 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-01-23 12:46 - 2014-10-11 05:04 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-01-23 12:46 - 2014-05-03 03:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-01-23 12:46 - 2013-04-09 05:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-23 12:46 - 2013-04-09 05:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-23 12:46 - 2013-04-09 05:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-23 12:46 - 2013-04-09 05:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2015-01-23 12:46 - 2013-04-09 05:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2015-01-23 12:46 - 2013-04-09 05:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2015-01-23 12:46 - 2013-04-09 05:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-01-23 12:46 - 2013-04-09 04:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-01-23 12:46 - 2013-04-09 04:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-01-23 12:46 - 2013-04-09 04:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-01-23 12:46 - 2013-04-09 04:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2015-01-23 12:46 - 2013-04-09 04:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2015-01-23 12:46 - 2013-04-09 04:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-01-23 12:46 - 2013-04-09 04:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-01-23 12:46 - 2013-04-09 04:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2015-01-23 12:46 - 2013-04-09 04:51 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2015-01-23 12:46 - 2013-04-09 04:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-01-23 12:46 - 2013-04-09 04:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-01-23 12:46 - 2013-04-09 04:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2015-01-23 12:46 - 2013-04-09 04:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2015-01-23 12:46 - 2013-04-09 04:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2015-01-23 12:46 - 2013-04-09 04:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2015-01-23 12:46 - 2013-04-09 02:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-01-23 12:46 - 2013-04-09 02:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-01-23 12:46 - 2013-04-09 02:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-01-23 12:46 - 2013-04-09 02:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2015-01-23 12:46 - 2013-04-09 02:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-01-23 12:46 - 2013-04-09 02:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-01-23 12:46 - 2013-04-08 23:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2015-01-23 12:46 - 2013-04-08 23:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-01-23 12:46 - 2013-04-08 23:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-23 12:46 - 2013-04-08 23:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-23 12:46 - 2013-04-08 21:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-01-23 12:46 - 2013-04-08 21:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-01-23 12:46 - 2013-04-08 21:52 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2015-01-23 12:46 - 2013-04-08 21:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-01-23 12:46 - 2013-04-08 21:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2015-01-23 12:46 - 2013-04-08 21:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2015-01-23 12:46 - 2013-04-08 21:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2015-01-23 12:46 - 2013-04-08 21:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2015-01-23 12:46 - 2013-04-04 23:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-23 12:46 - 2013-03-30 18:16 - 01403784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-01-23 12:46 - 2013-03-30 18:16 - 01267424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-01-23 12:46 - 2013-03-28 22:09 - 01217328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-01-23 12:46 - 2013-03-28 22:09 - 01093880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-01-23 12:46 - 2013-03-15 22:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-01-23 12:46 - 2013-03-15 22:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2015-01-23 12:46 - 2013-03-02 10:39 - 00069864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-01-23 12:45 - 2014-07-24 03:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-01-23 12:45 - 2014-07-24 03:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-01-23 12:43 - 2014-10-18 08:44 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-01-23 12:43 - 2014-10-18 07:05 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-01-23 12:43 - 2014-10-11 07:44 - 19764736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-01-23 12:43 - 2014-10-11 05:57 - 17562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-01-23 12:43 - 2014-10-09 03:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-01-23 12:43 - 2014-10-09 03:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-01-23 12:43 - 2014-10-09 03:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-01-23 12:43 - 2014-09-22 05:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-01-23 12:43 - 2014-09-22 03:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-01-23 12:43 - 2014-06-19 23:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-01-23 12:43 - 2014-06-19 22:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-01-23 12:41 - 2014-11-21 08:38 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-01-23 12:41 - 2014-11-21 08:38 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-01-23 12:41 - 2014-11-21 08:37 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-01-23 12:41 - 2014-11-21 08:37 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-01-23 12:41 - 2014-11-21 08:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-01-23 12:41 - 2014-11-21 08:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-01-23 12:41 - 2014-11-21 08:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-01-23 12:41 - 2014-11-21 08:36 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-01-23 12:41 - 2014-11-21 08:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-01-23 12:41 - 2014-11-21 08:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-01-23 12:41 - 2014-11-21 08:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-01-23 12:41 - 2014-11-21 08:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-01-23 12:41 - 2014-11-21 07:17 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-01-23 12:41 - 2014-11-21 07:17 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-01-23 12:41 - 2014-11-21 07:17 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-01-23 12:41 - 2014-11-21 07:17 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 13758976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-01-23 12:41 - 2014-11-21 07:16 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-01-23 12:41 - 2014-11-21 07:16 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-01-23 12:41 - 2014-11-21 07:00 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-01-23 12:41 - 2014-11-21 06:54 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-01-23 12:41 - 2014-11-21 04:30 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-01-23 12:41 - 2014-11-08 11:22 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-01-23 12:41 - 2014-11-08 11:21 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-01-23 12:41 - 2014-11-08 06:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-01-23 12:41 - 2014-11-08 06:56 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-01-23 12:41 - 2014-10-11 08:35 - 00171840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-01-23 12:41 - 2014-10-11 07:44 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-01-23 12:41 - 2014-10-11 07:43 - 01281536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-01-23 12:41 - 2014-10-11 05:57 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-01-23 12:41 - 2014-05-29 23:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-01-23 12:41 - 2014-04-12 09:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-01-23 12:41 - 2014-04-12 09:09 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2015-01-23 12:41 - 2014-04-12 09:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2015-01-23 12:41 - 2014-04-12 09:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2015-01-23 12:41 - 2014-04-12 09:08 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-01-23 12:41 - 2014-04-12 09:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2015-01-23 12:41 - 2014-04-12 07:23 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2015-01-23 12:41 - 2014-04-12 07:23 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-01-23 12:41 - 2014-04-12 07:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2015-01-23 12:41 - 2014-04-12 07:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2015-01-23 12:41 - 2014-04-12 07:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2015-01-23 12:41 - 2014-04-12 06:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2015-01-23 12:41 - 2014-03-03 23:07 - 00570216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-01-23 12:40 - 2014-11-21 08:36 - 19283456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-01-23 12:40 - 2014-11-21 08:36 - 15400960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-01-23 12:40 - 2014-11-21 08:36 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-01-23 12:40 - 2014-11-21 08:36 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-01-23 12:40 - 2014-11-21 08:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-01-23 12:40 - 2014-11-21 08:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-01-23 12:40 - 2014-11-21 08:36 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-01-23 12:40 - 2014-11-21 08:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-01-23 12:40 - 2014-11-21 08:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-01-23 12:40 - 2014-11-21 07:17 - 14364672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-01-23 12:40 - 2014-11-21 07:17 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-01-23 12:40 - 2014-11-21 07:16 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-01-23 12:40 - 2014-11-21 07:16 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-01-23 12:40 - 2014-11-21 07:16 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-01-23 12:40 - 2014-09-13 06:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-01-23 12:40 - 2014-09-03 02:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2015-01-23 12:40 - 2014-09-03 02:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2015-01-23 12:40 - 2014-08-29 04:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-01-23 12:40 - 2014-08-29 04:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2015-01-23 12:40 - 2014-08-29 04:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-01-23 12:40 - 2014-08-29 04:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2015-01-23 12:40 - 2014-08-28 06:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2015-01-23 12:40 - 2014-08-28 06:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2015-01-23 12:40 - 2014-08-28 05:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-01-23 12:40 - 2014-08-28 05:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-01-23 12:40 - 2014-08-28 05:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2015-01-23 12:40 - 2014-08-28 05:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2015-01-23 12:40 - 2014-07-24 13:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2015-01-23 12:40 - 2014-06-05 01:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2015-01-23 12:40 - 2014-06-03 23:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2015-01-23 12:39 - 2014-06-13 01:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-01-23 12:39 - 2014-06-13 01:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2015-01-23 12:39 - 2013-05-04 07:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-01-23 12:39 - 2013-05-04 07:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-01-23 12:39 - 2013-05-04 06:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-01-23 12:39 - 2013-05-04 06:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-01-23 12:39 - 2013-05-04 06:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-01-23 12:39 - 2013-05-04 06:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2015-01-23 12:39 - 2013-05-04 06:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-01-23 12:39 - 2013-05-04 06:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-01-23 12:39 - 2013-05-04 06:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2015-01-23 12:39 - 2013-05-04 06:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2015-01-23 12:39 - 2013-05-04 06:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2015-01-23 12:39 - 2013-05-04 06:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2015-01-23 12:39 - 2013-05-04 06:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2015-01-23 12:39 - 2013-05-04 04:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-01-23 12:39 - 2013-05-04 04:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-01-23 12:39 - 2013-05-04 04:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-01-23 12:39 - 2013-05-04 04:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2015-01-23 12:39 - 2013-05-04 04:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2015-01-23 12:39 - 2013-05-04 04:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2015-01-23 12:39 - 2013-05-04 04:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2015-01-23 12:39 - 2013-05-04 04:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2015-01-23 12:39 - 2013-05-04 04:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-01-23 12:39 - 2013-05-04 04:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-01-23 12:39 - 2013-05-04 04:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2015-01-23 12:39 - 2013-05-04 04:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2015-01-23 12:39 - 2013-05-04 04:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2015-01-23 12:39 - 2013-05-04 04:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2015-01-23 12:39 - 2013-05-04 04:48 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2015-01-23 12:39 - 2013-05-04 04:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2015-01-23 12:39 - 2013-05-04 04:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-01-23 12:39 - 2013-03-02 02:45 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe
2015-01-23 12:39 - 2013-03-02 02:45 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe
2015-01-23 12:38 - 2013-05-15 02:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2015-01-23 12:38 - 2013-05-15 02:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-01-23 12:38 - 2013-05-15 02:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2015-01-23 12:38 - 2013-05-15 02:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-01-23 12:38 - 2013-04-23 23:13 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2015-01-23 12:38 - 2013-04-23 23:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2015-01-23 12:38 - 2013-04-23 22:56 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2015-01-23 12:38 - 2013-04-23 22:55 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2015-01-23 12:37 - 2014-12-06 07:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-23 12:37 - 2014-12-06 07:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-23 12:37 - 2014-12-06 07:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-23 12:37 - 2014-12-06 07:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-23 12:37 - 2014-12-06 07:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-23 12:37 - 2014-12-06 07:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-23 12:37 - 2014-12-06 07:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-23 12:37 - 2014-12-06 07:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-23 12:37 - 2014-12-06 06:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-23 12:37 - 2014-12-06 06:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-23 12:37 - 2014-12-06 06:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-23 12:37 - 2014-12-06 06:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-23 12:37 - 2014-11-06 06:50 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-01-23 12:37 - 2014-11-06 05:03 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-01-23 12:37 - 2014-10-03 01:21 - 00522728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-23 12:37 - 2014-10-02 22:29 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-23 12:37 - 2014-06-05 17:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-01-23 12:37 - 2013-07-09 06:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-23 12:37 - 2013-07-09 04:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-23 12:37 - 2013-03-06 06:29 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-01-23 12:36 - 2014-07-07 05:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2015-01-23 12:36 - 2014-07-07 05:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-01-23 12:36 - 2014-07-07 05:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2015-01-23 12:36 - 2014-07-07 05:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-01-23 12:36 - 2014-07-07 04:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2015-01-23 12:36 - 2014-07-07 04:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2015-01-23 12:36 - 2014-07-07 04:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-01-23 12:36 - 2014-07-07 03:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2015-01-23 12:36 - 2013-03-02 10:57 - 00332520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-01-23 12:36 - 2013-03-02 10:57 - 00077544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2015-01-23 12:36 - 2013-03-02 10:45 - 00194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-01-23 12:36 - 2013-03-02 10:45 - 00148712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-01-23 12:36 - 2013-03-02 10:45 - 00125160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-01-23 12:36 - 2013-03-02 08:23 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-01-23 12:36 - 2013-03-02 08:23 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-01-23 12:36 - 2013-03-02 08:23 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2015-01-23 12:36 - 2013-03-02 08:23 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-01-23 12:36 - 2013-03-02 08:23 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncInfo.dll
2015-01-23 12:36 - 2013-03-02 08:22 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-01-23 12:36 - 2013-03-02 08:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-01-23 12:36 - 2013-03-02 08:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2015-01-23 12:36 - 2013-03-02 08:21 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2015-01-23 12:36 - 2013-03-02 08:21 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 01149952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-01-23 12:36 - 2013-03-02 02:45 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2015-01-23 12:36 - 2013-03-02 02:45 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDPrintProxy.DLL
2015-01-23 12:36 - 2013-03-02 02:44 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-01-23 12:36 - 2013-03-02 02:44 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2015-01-23 12:36 - 2013-03-02 02:44 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-01-23 12:36 - 2013-03-02 02:44 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-01-23 12:36 - 2013-03-02 02:44 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2015-01-23 12:36 - 2013-03-02 02:44 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2015-01-23 12:36 - 2013-03-02 02:44 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NdisImPlatform.dll
2015-01-23 12:36 - 2013-03-02 02:44 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2015-01-23 12:36 - 2013-03-02 02:43 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2015-01-23 12:36 - 2013-03-02 02:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-01-23 12:36 - 2013-03-01 04:56 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-01-23 12:36 - 2013-03-01 04:56 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2015-01-23 12:36 - 2013-03-01 04:55 - 01175040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-01-23 12:33 - 2013-08-16 05:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2015-01-23 12:33 - 2013-08-16 05:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2015-01-23 12:33 - 2013-08-16 05:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-01-23 12:33 - 2013-08-16 05:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-01-23 12:33 - 2013-08-15 22:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2015-01-23 12:33 - 2013-08-15 22:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2015-01-23 12:33 - 2013-08-15 22:43 - 00083968 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2015-01-23 12:33 - 2013-08-15 22:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2015-01-23 12:33 - 2013-08-15 22:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2015-01-23 12:32 - 2014-06-17 23:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2015-01-23 12:32 - 2014-06-17 23:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-01-23 12:32 - 2014-06-06 14:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2015-01-23 12:32 - 2014-06-06 10:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2015-01-23 12:32 - 2013-08-16 05:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-01-23 12:32 - 2013-08-16 05:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-01-23 12:32 - 2013-08-16 05:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-01-23 12:32 - 2013-08-16 05:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-01-23 12:32 - 2013-08-16 05:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2015-01-23 12:32 - 2013-08-16 05:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2015-01-23 12:32 - 2013-08-16 05:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2015-01-23 12:32 - 2013-07-13 06:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-01-23 12:32 - 2013-07-13 06:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2015-01-23 12:32 - 2013-07-13 06:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2015-01-23 12:32 - 2013-07-13 06:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2015-01-23 12:32 - 2013-07-13 04:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-01-23 12:32 - 2013-07-13 04:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2015-01-23 12:32 - 2013-07-13 04:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2015-01-23 12:32 - 2013-03-02 09:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-01-23 12:31 - 2014-06-02 22:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-01-23 12:28 - 2014-11-27 02:40 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-01-23 12:28 - 2014-11-27 01:28 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-01-23 12:26 - 2013-10-10 11:53 - 00096600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-01-23 12:26 - 2013-10-10 09:21 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-01-23 12:26 - 2013-10-10 09:20 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-01-23 12:26 - 2013-06-10 19:16 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-01-23 12:26 - 2013-06-10 19:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-01-23 12:26 - 2013-06-10 19:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-01-23 12:26 - 2013-06-10 19:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-01-23 12:25 - 2013-03-06 05:03 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2015-01-23 12:24 - 2013-03-06 06:31 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2015-01-23 12:23 - 2014-09-22 05:53 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-01-23 12:23 - 2014-08-26 22:08 - 00270024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-01-23 12:22 - 2014-03-11 03:25 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2015-01-23 12:22 - 2014-03-11 00:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2015-01-23 12:22 - 2014-03-11 00:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
2015-01-23 12:22 - 2014-03-11 00:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2015-01-23 12:22 - 2014-03-11 00:38 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-01-23 12:22 - 2014-03-11 00:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2015-01-23 12:22 - 2014-03-11 00:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-01-23 12:22 - 2014-03-11 00:38 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2015-01-23 12:22 - 2014-03-11 00:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2015-01-23 12:22 - 2014-03-11 00:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2015-01-23 12:22 - 2014-03-10 03:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-01-23 12:22 - 2014-03-10 01:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2015-01-23 12:21 - 2013-11-23 06:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-01-23 12:21 - 2013-11-23 05:05 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-01-23 12:19 - 2014-07-15 23:03 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-01-23 12:19 - 2014-07-12 02:36 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-01-23 12:18 - 2013-03-02 08:23 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-01-23 12:18 - 2013-03-02 02:44 - 01011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-01-23 03:37 - 2015-01-23 03:37 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-01-23 02:03 - 2015-01-23 13:41 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-23 02:03 - 2015-01-23 02:03 - 02374320 _____ (PeerBlock, LLC ) C:\Users\Administrator\Downloads\PeerBlock-Setup_v1.2_r693(1).exe
2015-01-23 02:03 - 2015-01-23 02:03 - 00001736 _____ () C:\Users\Administrator\Downloads\PeerBlock.lnk
2015-01-23 02:03 - 2015-01-23 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2015-01-23 01:55 - 2015-01-23 01:55 - 00236392 _____ () C:\Users\Administrator\Downloads\PeerBlock-Setup_v1.2_r693.exe
2015-01-22 23:30 - 2015-01-22 23:51 - 00000637 _____ () C:\Users\Administrator\Downloads\check.txt
2015-01-22 20:25 - 2015-01-23 16:22 - 00032777 _____ () C:\Users\Administrator\Downloads\security.txt
2015-01-22 20:19 - 2015-01-22 20:20 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-22 20:19 - 2015-01-22 20:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\MFAData
2015-01-22 20:19 - 2015-01-22 20:19 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2015
2015-01-22 14:36 - 2015-01-22 17:45 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Eraser 6
2015-01-22 13:36 - 2015-01-23 13:30 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-01-22 00:47 - 2015-01-22 00:47 - 00003390 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3683744004-2234847076-2787530182-500
2015-01-22 00:27 - 2015-01-22 00:27 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Real
2015-01-21 23:58 - 2015-01-21 23:58 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2015-01-21 22:18 - 2015-01-21 22:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2015-01-21 22:17 - 2015-01-21 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2015-01-21 22:17 - 2015-01-21 22:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2015-01-21 22:16 - 2015-01-21 22:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-01-21 22:13 - 2015-01-21 22:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2015-01-21 22:12 - 2015-01-23 17:06 - 00066216 _____ () C:\Users\Administrator\AppData\Local\BTServer.log
2015-01-21 22:12 - 2015-01-21 22:12 - 00000000 ____D () C:\Users\Administrator\Documents\My Bluetooth
2015-01-21 22:12 - 2015-01-21 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\MSI
2015-01-21 22:11 - 2015-01-21 22:11 - 00001430 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 22:11 - 2015-01-21 22:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2015-01-21 22:11 - 2015-01-21 22:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-21 22:09 - 2015-01-23 19:36 - 00000000 ____D () C:\Users\Administrator
2015-01-21 22:09 - 2015-01-21 22:11 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2015-01-21 22:09 - 2015-01-21 22:09 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-21 22:09 - 2013-05-23 00:09 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-21 22:09 - 2013-02-22 18:12 - 00002110 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-01-21 22:09 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-21 22:09 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-21 22:09 - 2012-07-26 08:13 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-21 21:44 - 2015-01-21 21:44 - 00000017 _____ () C:\Users\johns\AppData\Local\resmon.resmoncfg
2015-01-21 18:11 - 2015-01-21 18:11 - 00003812 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1421863702
2015-01-21 18:11 - 2015-01-21 18:11 - 00000000 ____D () C:\Users\johns\AppData\Roaming\Opera Software
2015-01-21 18:11 - 2015-01-21 18:11 - 00000000 ____D () C:\Users\johns\AppData\Local\Opera Software
2015-01-21 18:08 - 2015-01-21 18:08 - 00001139 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-01-21 18:08 - 2015-01-21 18:08 - 00001139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-21 18:06 - 2015-01-21 21:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-21 18:05 - 2015-01-21 18:05 - 00683432 _____ (Opera Software) C:\Users\johns\Downloads\Opera_NI_stable.exe
2015-01-21 17:53 - 2015-01-21 21:30 - 00000000 ____D () C:\QD4R'sm9 mQsOrmq9P
2015-01-21 17:07 - 2015-01-21 17:07 - 00001759 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
2015-01-21 17:07 - 2015-01-21 17:07 - 00001747 _____ () C:\Users\Public\Desktop\Eraser.lnk
2015-01-21 17:07 - 2015-01-21 17:07 - 00000000 ____D () C:\Program Files\Eraser
2015-01-21 17:05 - 2015-01-21 17:05 - 08317032 _____ (The Eraser Project) C:\Users\johns\Downloads\Eraser 6.2.0.2962.exe
2015-01-21 17:04 - 2015-01-21 17:00 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-01-21 17:03 - 2013-08-16 05:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-01-21 17:03 - 2013-08-16 05:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-01-21 17:03 - 2013-08-15 22:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-01-20 23:53 - 2015-01-20 23:53 - 00000000 __SHD () C:\Recovery
2015-01-20 23:53 - 2015-01-20 23:53 - 00000000 _____ () C:\Recovery.txt
2015-01-20 23:48 - 2015-01-21 21:35 - 00000000 ____D () C:\Users\johns\AppData\Local\CrashDumps
2015-01-20 23:44 - 2015-01-20 23:44 - 00000000 ____D () C:\Users\johns\AppData\Roaming\ProductData
2015-01-20 23:43 - 2015-01-21 17:06 - 00000000 ____D () C:\Users\johns\AppData\Roaming\IObit
2015-01-20 23:43 - 2015-01-20 23:43 - 00001283 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2015-01-20 23:43 - 2015-01-20 23:43 - 00000000 ____D () C:\Users\johns\AppData\Roaming\Mozilla
2015-01-20 23:43 - 2015-01-20 23:43 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-20 23:43 - 2015-01-20 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-01-20 23:43 - 2015-01-20 23:43 - 00000000 ____D () C:\ProgramData\IObit
2015-01-20 23:42 - 2015-01-21 17:02 - 00001133 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-01-20 23:42 - 2015-01-21 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-20 23:42 - 2015-01-20 23:43 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-20 23:42 - 2015-01-20 23:42 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2015-01-20 23:42 - 2015-01-20 23:42 - 00000000 ____D () C:\Users\johns\AppData\Roaming\Avira
2015-01-20 23:41 - 2015-01-21 17:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-20 23:41 - 2015-01-20 23:42 - 00000000 ____D () C:\ProgramData\Avira
2015-01-20 23:41 - 2014-10-23 00:33 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-01-20 23:41 - 2014-10-23 00:33 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-01-20 23:41 - 2014-10-23 00:33 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-01-20 23:27 - 2015-01-20 23:39 - 151626424 _____ () C:\Users\johns\Downloads\avira_free_antivirus_en.exe
2015-01-20 23:27 - 2015-01-20 23:27 - 00000000 ____D () C:\Users\johns\AppData\Roaming\Macromedia
2015-01-20 23:26 - 2015-01-20 23:27 - 09344920 _____ (IObit ) C:\Users\johns\Downloads\startmenu-setup.exe
2015-01-20 23:18 - 2015-01-21 22:00 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3683744004-2234847076-2787530182-1002
2015-01-20 23:14 - 2015-01-20 23:14 - 00000000 ____D () C:\Users\johns\AppData\Roaming\Intel Corporation
2015-01-20 23:13 - 2015-01-20 23:13 - 00000000 ____D () C:\Users\johns\AppData\Local\MSI
2015-01-20 23:12 - 2015-01-20 23:12 - 00001434 _____ () C:\Users\johns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-20 23:12 - 2015-01-20 23:12 - 00000000 ____D () C:\Users\johns\AppData\Roaming\Adobe
2015-01-20 23:10 - 2015-01-22 12:44 - 00057814 _____ () C:\Users\johns\AppData\Local\BTServer.log
2015-01-20 23:10 - 2015-01-20 23:55 - 00000000 ____D () C:\Users\johns
2015-01-20 23:10 - 2015-01-20 23:12 - 00000000 ____D () C:\Users\johns\AppData\Local\Packages
2015-01-20 23:10 - 2015-01-20 23:10 - 00000020 ___SH () C:\Users\johns\ntuser.ini
2015-01-20 23:10 - 2015-01-20 23:10 - 00000000 ____D () C:\Users\johns\Documents\My Bluetooth
2015-01-20 23:10 - 2015-01-20 23:10 - 00000000 ____D () C:\Users\johns\AppData\Local\VirtualStore
2015-01-20 23:10 - 2013-05-23 00:09 - 00000000 ___RD () C:\Users\johns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-20 23:10 - 2013-02-22 18:12 - 00002110 _____ () C:\Users\johns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2015-01-20 23:10 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\johns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 23:10 - 2012-07-26 08:13 - 00000000 ___RD () C:\Users\johns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-20 23:10 - 2012-07-26 08:13 - 00000000 ____D () C:\Users\johns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 23:07 - 2015-01-23 17:15 - 01794272 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-20 22:55 - 2015-01-23 17:11 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3683744004-2234847076-2787530182-500
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 17:15 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-23 17:09 - 2013-02-22 12:27 - 00716940 _____ () C:\WINDOWS\system32\perfh01F.dat
2015-01-23 17:09 - 2013-02-22 12:27 - 00151340 _____ () C:\WINDOWS\system32\perfc01F.dat
2015-01-23 17:09 - 2013-02-22 12:14 - 00727016 _____ () C:\WINDOWS\system32\perfh01D.dat
2015-01-23 17:09 - 2013-02-22 12:14 - 00153668 _____ () C:\WINDOWS\system32\perfc01D.dat
2015-01-23 17:09 - 2013-02-22 11:32 - 00783182 _____ () C:\WINDOWS\system32\perfh019.dat
2015-01-23 17:09 - 2013-02-22 11:32 - 00162586 _____ () C:\WINDOWS\system32\perfc019.dat
2015-01-23 17:09 - 2013-02-22 11:10 - 00791188 _____ () C:\WINDOWS\system32\prfh0816.dat
2015-01-23 17:09 - 2013-02-22 11:10 - 00164734 _____ () C:\WINDOWS\system32\prfc0816.dat
2015-01-23 17:09 - 2013-02-22 10:57 - 00777310 _____ () C:\WINDOWS\system32\prfh0416.dat
2015-01-23 17:09 - 2013-02-22 10:57 - 00159368 _____ () C:\WINDOWS\system32\prfc0416.dat
2015-01-23 17:09 - 2013-02-22 10:45 - 00800240 _____ () C:\WINDOWS\system32\perfh015.dat
2015-01-23 17:09 - 2013-02-22 10:45 - 00164156 _____ () C:\WINDOWS\system32\perfc015.dat
2015-01-23 17:09 - 2013-02-22 10:34 - 00800044 _____ () C:\WINDOWS\system32\perfh013.dat
2015-01-23 17:09 - 2013-02-22 10:34 - 00163346 _____ () C:\WINDOWS\system32\perfc013.dat
2015-01-23 17:09 - 2013-02-22 10:21 - 00455256 _____ () C:\WINDOWS\system32\perfh014.dat
2015-01-23 17:09 - 2013-02-22 10:21 - 00081674 _____ () C:\WINDOWS\system32\perfc014.dat
2015-01-23 17:09 - 2013-02-22 09:56 - 00795470 _____ () C:\WINDOWS\system32\perfh010.dat
2015-01-23 17:09 - 2013-02-22 09:56 - 00157368 _____ () C:\WINDOWS\system32\perfc010.dat
2015-01-23 17:09 - 2013-02-22 09:44 - 00745038 _____ () C:\WINDOWS\system32\perfh00E.dat
2015-01-23 17:09 - 2013-02-22 09:44 - 00178778 _____ () C:\WINDOWS\system32\perfc00E.dat
2015-01-23 17:09 - 2013-02-22 09:27 - 00422612 _____ () C:\WINDOWS\system32\perfh00D.dat
2015-01-23 17:09 - 2013-02-22 09:27 - 00069386 _____ () C:\WINDOWS\system32\perfc00D.dat
2015-01-23 17:09 - 2013-02-22 09:19 - 00804516 _____ () C:\WINDOWS\system32\perfh00C.dat
2015-01-23 17:09 - 2013-02-22 09:19 - 00159844 _____ () C:\WINDOWS\system32\perfc00C.dat
2015-01-23 17:09 - 2013-02-22 09:08 - 00440808 _____ () C:\WINDOWS\system32\perfh00B.dat
2015-01-23 17:09 - 2013-02-22 09:08 - 00086210 _____ () C:\WINDOWS\system32\perfc00B.dat
2015-01-23 17:09 - 2013-02-22 08:53 - 00802440 _____ () C:\WINDOWS\system32\perfh00A.dat
2015-01-23 17:09 - 2013-02-22 08:53 - 00167114 _____ () C:\WINDOWS\system32\perfc00A.dat
2015-01-23 17:09 - 2013-02-22 08:42 - 00556286 _____ () C:\WINDOWS\system32\perfh008.dat
2015-01-23 17:09 - 2013-02-22 08:42 - 00093618 _____ () C:\WINDOWS\system32\perfc008.dat
2015-01-23 17:09 - 2013-02-22 08:34 - 00756294 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-23 17:09 - 2013-02-22 08:34 - 00160120 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-23 17:09 - 2013-02-22 08:23 - 00470170 _____ () C:\WINDOWS\system32\perfh006.dat
2015-01-23 17:09 - 2013-02-22 08:23 - 00084182 _____ () C:\WINDOWS\system32\perfc006.dat
2015-01-23 17:09 - 2013-02-22 08:15 - 00732792 _____ () C:\WINDOWS\system32\perfh005.dat
2015-01-23 17:09 - 2013-02-22 08:15 - 00152636 _____ () C:\WINDOWS\system32\perfc005.dat
2015-01-23 17:09 - 2012-07-26 07:28 - 15403000 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-23 17:06 - 2013-05-23 00:44 - 00000000 ____D () C:\ProgramData\Realtek
2015-01-23 17:03 - 2012-07-26 07:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-23 17:00 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\uk-UA
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\tr-TR
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\sr-Latn-CS
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\sl-SI
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\sk-SK
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\ro-RO
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\lv-LV
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\lt-LT
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\hr-HR
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\he-IL
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\et-EE
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\bg-BG
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\he-IL
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\bg-BG
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-01-23 16:56 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\uk-UA
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\tr-TR
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\sl-SI
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\sk-SK
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\ro-RO
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\lv-LV
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\lt-LT
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\hr-HR
2015-01-23 16:55 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\et-EE
2015-01-23 16:53 - 2012-07-26 08:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-23 16:53 - 2012-07-26 08:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 16:52 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 16:52 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 16:52 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-23 16:52 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-23 16:52 - 2012-07-26 07:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-23 16:43 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-23 16:43 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-23 16:43 - 2012-07-26 05:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-01-23 16:43 - 2012-07-26 05:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-01-23 13:39 - 2012-07-26 05:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-23 13:24 - 2012-07-26 05:37 - 00000000 ____D () C:\WINDOWS\servicing
2015-01-23 13:17 - 2012-07-26 05:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-01-21 21:34 - 2013-02-22 07:00 - 01290296 _____ () C:\WINDOWS\PFRO.log
2015-01-21 17:02 - 2013-05-23 00:44 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-20 23:57 - 2013-05-23 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-01-20 23:57 - 2013-05-23 01:21 - 00000000 ____D () C:\Program Files (x86)\MSI
2015-01-20 23:57 - 2013-02-22 07:31 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-20 23:53 - 2012-07-26 08:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-01-20 23:51 - 2013-02-22 07:24 - 00000000 ____D () C:\ProgramData\Norton
2015-01-20 23:51 - 2012-07-26 05:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-20 23:49 - 2012-07-26 08:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-01-20 23:44 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-20 23:10 - 2012-07-26 08:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-20 22:57 - 2013-02-22 06:59 - 00000000 ____D () C:\WINDOWS\Panther
2015-01-20 22:56 - 2012-07-26 08:13 - 00003608 _____ () C:\WINDOWS\DtcInstall.log
2015-01-20 22:56 - 2012-07-26 07:21 - 00028178 _____ () C:\WINDOWS\setupact.log
2015-01-20 22:55 - 2013-05-23 00:43 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
 
==================== Files in the root of some directories =======
2015-01-21 22:12 - 2015-01-23 17:06 - 0066216 _____ () C:\Users\Administrator\AppData\Local\BTServer.log
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\lowproc.exe
C:\Users\Administrator\AppData\Local\Temp\stubhelper.dll
C:\Users\johns\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-02-22 07:00
 
==================== End Of Log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Administrator at 2015-01-23 17:15:51
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1208.0301 - Micro-Star International Co., Ltd.)
BlueStacks App Player (HKLM-x32\...\{1AE65157-6E14-49AF-98DF-447927FBC142}) (Version: 0.7.9.844 - BlueStack Systems, Inc.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1304.1501 - Micro-Star International Co., Ltd.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Eraser 6.2.0.2962 (HKLM\...\{C6E287F1-2E47-45F0-BB51-94F815CFFB48}) (Version: 6.2.2962 - The Eraser Project)
ETDWare PS/2-X64 11.13.2.4_WHQL (HKLM\...\Elantech) (Version: 11.13.2.4 - ELAN Microelectronic Corp.)
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3107 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: 1.1.0.0 - ENE TECHNOLOGY INC.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{28f90ef6-5415-4182-a638-3232ad7aa8eb}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NVIDIA Graphics Driver 311.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Opera Stable 26.0.1656.60 (HKLM-x32\...\Opera 26.0.1656.60) (Version: 26.0.1656.60 - Opera Software ASA)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.9691.663.020613 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6804 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - )
SCM (HKLM\...\{5172DE8A-2640-474E-B89F-A04A90312A74}) (Version: 10.013.04183 - Application)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.0.1 - IObit)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.017 - MSI)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 05:26 - 2012-07-26 05:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {704EE0C9-9350-4625-BD98-FB745A993044} - System32\Tasks\Opera scheduled Autoupdate 1421863702 => C:\Program Files (x86)\Opera\launcher.exe [2014-12-16] (Opera Software)
Task: {7C6DE59A-980B-4E74-8DEB-3C910DC8A607} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\windows\System32\reagentc.exe [2012-10-24] (Microsoft Corporation)
Task: {7EB6D669-6561-40FE-A1BE-8CB2444ABE67} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-31] (Microsoft Corporation)
Task: {84A33592-5E21-4BB5-BE82-399AF8F895DF} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3683744004-2234847076-2787530182-500 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {C5E7C57C-8333-417E-ABB0-B0DA799094A9} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2012-07-26] (Microsoft Corporation)
Task: {DD6A1C74-0CDB-40B4-937F-7AB83FE68175} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3683744004-2234847076-2787530182-500 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {DF9F2FC1-1F12-46CF-8A03-E21DF9F765F5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3683744004-2234847076-2787530182-500 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-23 00:44 - 2012-12-07 20:38 - 00039424 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-01-20 23:43 - 2015-01-15 00:15 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-01-20 23:43 - 2015-01-15 00:14 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-01-20 23:43 - 2015-01-15 00:14 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-01-20 23:43 - 2015-01-15 00:14 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-01-20 23:43 - 2015-01-15 00:15 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-01-20 23:43 - 2015-01-15 00:15 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-01-20 23:43 - 2015-01-15 00:15 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2015-01-20 23:43 - 2015-01-15 00:15 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2013-05-23 00:47 - 2013-02-15 23:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-01-21 18:08 - 2014-12-16 15:34 - 00156792 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\message_center_win8.dll
2015-01-21 18:08 - 2014-12-16 15:34 - 01358456 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libglesv2.dll
2015-01-21 18:08 - 2014-12-16 15:34 - 00219256 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\libegl.dll
2015-01-21 18:08 - 2014-12-16 15:34 - 09312888 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\pdf.dll
2015-01-21 18:08 - 2014-12-16 15:34 - 00991352 _____ () C:\Program Files (x86)\Opera\26.0.1656.60\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3683744004-2234847076-2787530182-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3683744004-2234847076-2787530182-501 - Limited - Disabled)
johns (S-1-5-21-3683744004-2234847076-2787530182-1002 - Administrator - Enabled) => C:\Users\johns
UpdatusUser (S-1-5-21-3683744004-2234847076-2787530182-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2015 05:08:06 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active. 
 
Context: Windows Application
 
 
Details:
The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
 
Error: (01/23/2015 05:04:15 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 04:35:50 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 01:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16433, time stamp: 0x50763312
Faulting module name: twinui.dll, version: 6.2.9200.16579, time stamp: 0x51639051
Exception code: 0xc0000005
Fault offset: 0x000000000000186c
Faulting process id: 0xf5c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (01/23/2015 01:28:08 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 01:22:54 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 01:11:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 03:09:18 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active. 
 
Context: Windows Application
 
 
Details:
The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
 
Error: (01/23/2015 08:58:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16433, time stamp: 0x50763312
Faulting module name: twinui.dll, version: 6.2.9200.16522, time stamp: 0x51131a75
Exception code: 0xc0000005
Fault offset: 0x000000000000186c
Faulting process id: 0xe10
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (01/23/2015 08:57:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
System errors:
=============
Error: (01/23/2015 05:04:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/23/2015 04:35:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/23/2015 04:35:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:07:40 on ‎23/‎01/‎2015 was unexpected.
 
Error: (01/23/2015 04:27:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (01/23/2015 02:11:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 49.
 
Error: (01/23/2015 01:55:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073712: Security Update for Windows 8 for x64-based Systems (KB3019215).
 
Error: (01/23/2015 01:28:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/23/2015 01:22:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/23/2015 01:11:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/23/2015 01:11:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:56:56 on ‎23/‎01/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2015 05:08:06 PM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Context: Windows Application
 
 
Details:
The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\
 
Error: (01/23/2015 05:04:15 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 04:35:50 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 01:30:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1643350763312twinui.dll6.2.9200.1657951639051c0000005000000000000186cf5c01d03710a9d90d78C:\WINDOWS\Explorer.EXEC:\Windows\System32\twinui.dllef2451da-a303-11e4-be8a-240a6438a1a7
 
Error: (01/23/2015 01:28:08 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 01:22:54 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 01:11:37 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/23/2015 03:09:18 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Context: Windows Application
 
 
Details:
The volume change journal is being deleted.  (HRESULT : 0x8007049a) (0x8007049a)
C:\
 
Error: (01/23/2015 08:58:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1643350763312twinui.dll6.2.9200.1652251131a75c0000005000000000000186ce1001d0374f4dcda19eC:\WINDOWS\Explorer.EXEC:\Windows\System32\twinui.dll915d007d-a342-11e4-be86-240a6438a1a7
 
Error: (01/23/2015 08:57:12 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 19%
Total physical RAM: 16304.17 MB
Available physical RAM: 13089.94 MB
Total Pagefile: 18608.17 MB
Available Pagefile: 15395.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:547.34 GB) (Free:435.37 GB) NTFS
Drive d: () (Fixed) (Total:365 GB) (Free:124.39 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 69CA0760)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Hit a snag with TDSS.  It found 3 suspicious objects but when I clicked on "continue" it brought up a slightly different window to the one in your screenshot.  Mine says "start scan" instead of "reboot computer" and the "change parameters" link is still visible.  Repeated scan with same result.


#4
nun-coffee

    New Member

  • Topic Starter
  • Member
  • 9 posts

Sorry, should have added, the options for each item found are: skip / copy to quarantine / delete (no "cure" option).

 

Items found are:

1. BTDevManager
(suspicious object, medium risk)

2. Unsigned file
Service: MSI_SuperCharger
(suspicious object, medium risk)

3. Unsigned file
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServr.exe
(suspicious object, medium risk)

 

 

Also I had to turn the machine off. It had been downloading "windows updates" and it let me install them, but this time it also acknowledged the install, i.e. it said last time updates installed, with the correct date and time, but I'm wary.



#5
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Thanks for the update on TDSSKiller; I'll download the program and update the instructions this afternoon. Since there was no Cure, skip would have been the correct option (you did the right thing).

As to malware / rootkit on the system, your FRST scans are clean. TDSSKiller would have informed you of any rootkit type finds so I feel that is clean also.

I would allow all the updates to take place (maybe a few at a time with reboots in between the groups of updates) and see how the system performs then.

One question is: was this an image restore (of Windows) after the format or an installation from a DVD/CD?



#6
nun-coffee

    New Member

  • Topic Starter
  • Member
  • 9 posts

It was an image restore, although I was thinking about buying installation discs and doing it that way also to be sure.



#7
nun-coffee

    New Member

  • Topic Starter
  • Member
  • 9 posts

A quick sort-of related question:

I like to reformat my machine every few months for security reasons, then overwrite.  But I only just learned of the MBR and possible other hidden partitions.  Is there a step-by-step tutorial you could point me to on deleting then reinstalling these?



#8
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Sorry for the delay in answering this; missed the notification on your posts.

 

As to an image / backup solution to help with the MBR / partitions, I would suggest a tool like this - Macrium Reflect.  A brief tutorial on using it to image your hard drive and restore that image can be found here - http://www.geekstogo...t-imaging-tool/ .  Best of all, this tool is free and does a great job of imaging and restoring a hard drive (even if the drive is unbootable).



#9
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.