FOR RKINNER!

Virus Malware Trojan Over Certified Hacker


#1
stanleybeast
  • Member
  • PipPip
  • 14 posts
Hi 
 
I read this post you did with a guy, http://www.geekstogo...r-is-very-slow/
 
I will say first and foremost, I HOPE YOU CAN HELP ME, as I have a win 7 32 500gig desktop, a 1600gig vista 64 bit laptop, and a 200gig desktop running win 7 32 bit, and all their files are criss-cross over MAINLY, the guy who is I think the one behind it (his HUGE extensive credentials are at the latter part of this message).
 
 
 
I have a win 7 32 bit OEM home basic OS which, when I bought it 4 yrs ago, never had the SP1 on the cd installation. Somehow, by the cd being in my cd rom, and with a 1000gig terabyte having 3 different comp backups on it, I THINK my gf and her sister got a load of nasty McNASTY viruses and malware, adware, Trojans from bit commit (movies) and so, unbeknownst to me, using it in 3 diff comps passed around the nasty [bleep] to all 3 comps, and I believe it corrupted all 3 backup folders, as after a few months all 3 comps would be acting weird (NO event notifications anymore, seemed dcom and com+ now have way too many diff services running under it). I have a win 7 32 bit OEM home basic OS which I bought 4/5 yrs ago, and the genuine MS disk never had SP1 on the cd installation but does now, and it was unwritable for me, so that's odd. With new OS came all self-picked new hardware.
 
1) Somehow, by the cd being in my cd rom, and also the USB external terabyte having 3 different computer folder back ups on it and anything and everything bad that p2p free sites have,  passed around the nasty stuff to all 3 comps. I believe it corrupted all 3 back up folders as after a few months, all 3 comps would be acting weird.
 
2) Noticing that folders were bloated, windows folder had way more folders and also files in that root dir which I learned is for remote accessing them if you need help, I NEVER.. NO event notifications n reports anymore. Dcom and com+ now have way too many new, diff and dependent on rpcc heavily services running under it, and assemblies with msil or 86x and a low # version and a high version of the same one plus 3rd n 4th version with random numbers and the assembly name
 
3) Programs not working, or also in properties it started losing its description info, like it had been modified to work in a stream not on my comp. Also a big variety of file versions for SP1 changed to non-genuine versions, 6.1.7601.17514 to 6.1.7600.13585 and more
 
5) Chrome had multi versions to run thru like an MS-DOS program so it could have long url paths leading to diff exe files, com files, dat and bat and cab files, problem with js/java/metadata files recording everything from typed-in gmail address to yahoo mail, skype, saved docs n pics if made that day / 40 ish keyboard KBD??. Search results in chrome were always showing odd weird urls in the top 40 results (urls like r.blog.672j=%fcache), or all results for blogs, and forums, and virus scanner site saying everything I searched that I never saw before was a virus, or possible one or infection, which can't be...
 
6) Couldn't get updates from MS sites nor update my certs (it would get them from a folder on my comp that was pre-made to look crypto and from microsoft), ton of active x installed, scripts stuck in long before boot mgr so if I did a new install it was same thing over again.
 
7) Api down level, minor/major versions, and api core stuff, xlms schema scripts that sink apps to a lower vulnerable version, blackbox.dll (sp2 it's for, never had that), properties of any given file will have compatibility mode anything else but win 7, grayed out, as if it was run in that version) 30-40 c_ (number).
 
8) NLS files AND 30 ish [email protected]#$.dll files, which are all compiled together to make a cisco virtual platform (hidden from view with side gadgets, I think), google won't update, redir virus I think, all downloaded programs auto blocked in properties as it might have come from a diff comp, // few diff odbc .dll files, ole, olea32, oleahooks, IE 11, active x scripting / windows NT registry corrupt I think too, because a program I used a few months back allowed you to modify the win NT reg and it said entries in red are suspicious and that was at least 75% of the folders.
 
OMG!!!!!!!!!!!
 
 
I just found a site, ironically,  and the guy sounds like ME!!!!!!!!!!!!!!!!!!!!!!!!!!!! http://www.computing...nfig/34472.html
 
If you read this, this is exactly what I have been going through since june/july last yr. 
 
 
My remoter/hacker's extensive IT CREDENTIALS ARE AS FOLLOWS:
 
 
 
 
I am looking for a challenging and rewarding career, a full time opportunity, where I may apply my solid experience, strong interpersonal skills, utilize my ability to work under pressure to meet projects' deadlines, establish myself as a leading IT professional. I have extensive knowledge of installing, maintaining and troubleshooting Microsoft Servers and clients, Symantec Backups, network monitoring, Cisco and Sonicwall, LAN and WAN hardware.
Experience
 
Systems Admin
* Managing a web-based VPS server running on CentOS which hosts multiple websites
* Creating and managing websites on the VPS server
* Configuring email accounts and managing disk space on the server 
* Setting up Kiosk machines and installing WAMP and other Kiosk softwares to run
* Providing support to end users, setting up their user's profiles and outlook profiles
* Going onsite and resolving user's issues in Barrie area
* Cloning drives using Norton Ghost and Acronis TrueImage
* Backing up data using Acronis TrueImage
 
Network Administrator
* Maintaining, supporting, and administering Windows 2003 and 2008 server environment
* Managing users, profiles, and groups through Active Directory
* Maintaining and/or replacing server hardware components
* Installing and configuring new server operating systems and patches
* Managing Watchguard firewall, upgrading firmware, defining policies and proxy rules, securing the network using web-blocker, spam-blocker and anti-virus, and enable logging
* Setup automated server backups and perform restores on demand using Symantec Backup Exec
* Managing and maintaining E-mail accounts in smartermail, and sharing contacts and other information
* Maintenance and replacement of blackberrys, Iphones, android devices and pagers
* Ensure reliable network connectivity between the print server, printers, and user workstations
* Installing and testing WSUS deploy regular updates to users
* Setup managed anti-virus solution and schedule updates and scans to user's computers
* Managing users phones through the phone server
* Providing technology support and help desk services to end users
* Maintaining software licenses and keeping track of hardware warranty
* Ordering and keeping track of toners used by the users
 
 
IT Consultant
* Recovered the dead domain controller server and recovered all the users and settings 
* Removed the existing routers, and installed and configured new Cisco router with firewall
* Removed the old switch and installed and configured new Netgear managed switch with VLANs
* Backed up the existing domain, removed it, installed new domain with a different name, imported the users, and all the settings and joined the computers to the new domain
* Built Raid drives to provide redundancy to the data and secure the server
* Configured the IP phones to work on a different VLAN than the computers
* Installed network monitoring tool and setup alerts
* Managed user accounts, windows profiles and setup file sharing
* Provided support to users on other network and systems related issues
 
Desktop Support Engineer
* Created and managed virtual servers using VMware and HyperV
* Setup user accounts to access the required resources using Group Policies
* Setup watchguard firewall and added policies according to the access required
* Setup security features on firewall such as Intrusion prevention and gateway antivirus
* Created VPN access for users to connect through the watchguard firewall
* Provided consultancy and remote support to end users
* Troubleshoot issues and create service requests
* Create and manage users via Active Directory
* Install and upgrade advance applications e.g. IMIS 10 and 15
* Monitor logs and alerts to maintain system uptime
 
 
Systems Engineer
* Managed perimeter devices such as routers, firewalls and switches of all clients
* Managed backbone servers including Windows and few Linux servers
* Managed Active Directory domain and configured DC and ADC including multiple domain forest 
* Worked with Exchange servers, managed users and troubleshooted issues related to the server
* Provided consultancy and remote support to end user's system issues to troubleshoot
* Server and work station maintenance and conducted daily data backup job
* Provided support for Blackberry, iPhone, Smartphones, Palm, etc. and manage users via BES server
* Dealt with the exchange servers and offsite email servers, mail bagging, and mailbox recovery 
* Managed firewalls for clients which included Cisco ASA and PIX firewall and Sonicwall devices
* Managed Citrix Presentation Server and XenApp and managed users and remote apps 
* Remotely connected to user's computers via Logmein and Teamviewer and resolved issues
* Experience with Blackberry devices and Blackberry Enterprise Server.
* Work with Exchange clusters, SQL clusters, IIS, Blackberry Enterprise server, and file servers. 
* Troubleshoot local or network printing and internet issues
 
Certified Engineering Technologist
Ontario Association of Certified Engineering Technicians and Technologists (OACETT), License 873328
April 2014 – Present
CCNA (Voice)
Cisco
February 2014 – February 2017
MCSA (Windows Server 2012)
Microsoft
January 2014 – Present
MCP (Windows Server 2012)
Microsoft
December 2013 – Present
CCNA (Routing and Switching)
Cisco
March 2011 – March 2017
MCTS (Windows 7)
Microsoft
November 2010 – Present
MCSA (Windows Server 2003)
Microsoft
November 2010 – Present
 
 
 
Now, does it seem like all my issues directly coincide with his work experience? It does, right? I really need the info/proof that it's him but he is way too smart for me. I can't even open anything now, like anything in %system32%, cmd, mmc, regedit, task mgr, nothing..
 
These are in registry that stood out from a quick browse of it....
 
sessionmanager- Dos devices ->> 
aux-> \DosDevices\Com1
MAILSLOT-> \Device\Mailslot
NULL-> \Device\Null
PIPE--> \Device\NamedPipe
PRN--> \DosDevices\LPT1
UNC--> \Device\Mup
 
session mgr\subsystems\
default --> mnmsrvc
Debug-->empty
Kmode--> \SystemRoot\System32\win32k.sys
optional--> Posix
Posix-->%SystemRoot%\system32\psxss.exe
Required--> debug windows
windows--> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
session mgr\subsystems\CSRSS
CsrSrvSharedSectionBase --> value data being 7f6f0000
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Logging\STICLI--Default -->> Still Image Client Application 
Level-->4
 
stillimage\logging\STIMON -> Default is Still Image Monitoring Process
level-4
 
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\ServerSettings ShutdownIfUnusedDelay --> 0x0000001e (30)
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Trace
DefaultEnableObjectTracking-->0x0000001 (1)
DefaultMaxTraceArraySize-->> 0x0000000a (10)
 
Sti.DLL AND sti_ci.dll and wiaservc.dll all have enabledobjecttracking 0x0000001(1)
 
 
Also, FYI, we have an Iphone5 here and also a blackberry, and with our dsl package is also our phone, and the phone is from the pad family, and it got rooted one day out of nowhere, shortly after my first backup restore from the terabyte for all 3 comps, and even if I did a clean install, it would still be same "false" if new install OS/make flag=os old install bullcrap flags n scripts in before the boot mgr OR, what I think also is this guy has a spot to enter bluetooth script to the comps from the wireless telpad.. I really need help to get him gone and with proof left behind it was him..
 
I have google drive folders with files from since june last yr, and every time I got close to getting somewhere with it, I would wake up, turn it on and it would be system restored right back, or even if I let the comp sleep, you could hear it working hard and undoing any changes I did. So my worry is, if we're going to do this comp, I will stay at it flat out straight for the half day Runner, get it to where you know it won't system restore from a cloud service or when comp shuts down or sleeps, cause I can use one of the others while we fix it. So will hit it hard now?
 
 
 
I can't run otl file Runner because it says "the service can't be started either because it is disabled or because it has no enabled devices associated with it".. Skype works, chrome does.. poker stars doesn't. MSE is installed but can't be found, though I see it in programs and features. Magicjack, net framework 4.5.2 also installed. Removed nvidia drivers as full of bad drivers. No java installed either, or adobe.
 
I await your fix on the OTL problem
 
#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

See if you can run any of these:

 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    stanleybeast
    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Same problem again with all of them. The one tool that I had on the comp that works still is autoruns.exe. I do still have the tests from combo fix, jrt txt, and an eset uninstaller txt I did on the 19th if you want to see them, and also junk txt and jumk.txt that I did on the 12th.

    Do you want me to post those and also do an autoruns scan? I don't know what's on the go with this now.



    #4
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Have you tried in Safe Mode with networking?

     

    (Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

     
    Also try otl.com and otl.scr and see if either will work.  Available on this page: 
     
    You can also get a FRST scan if you have a USB drive:
     


    #5
    stanleybeast
    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    I downloaded otl, rkill, farbar recovery, minitool box, roguekiller, TFC, adwcleaner, CCleaner, JRT, Delfix, autoruns, malwarebytes anti exploit and anti rootkit, hitman pro, super anti spyware, all the exe version,

     

    hijack this.msi,

     

    Downloaded them onto a usb from a different computer. I noticed when it was waiting to open the download window I saw it say "waiting on bleeping comp", then another url said g.google. clickads or something and one url after that one was walkerzombie.. not sure if they are causing the downloads to not come from the site or from a cloud service, but I did click on the "download [email protected] logo on every one. Doesn't bleeping computer have the downloads on a cloudflare? So they should not be contaminated, right?

     

     

    I don't think the safe mode option will work to solve the issue as well, because I see the safe mode loading options in the registry to be modified to include drivers and services that should not be loaded. I won't plug in the usb into this computer until you give me which programs to start with first so we hit this right the first time.

     

    Also, please note, do I have to unblock these programs before I run them? Under properties it says "this application may come from a diff program and be blocked for your protection"... My thoughts were that if I unblock it first, this might be what the virus/hacker wants so a script can be inserted right before running..



    #6
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Did you try otl.com or otl.scr?  If you have to unblock them then go ahead.  You are already infected so it's not going to get much worse and I need at least one current scan so I can see what is going on.

     

    Go ahead and post any logs you have.  Autoruns' log is usually too big for the forum so you need to zip it up and attach it.

     

    The FRST scan from a USB is probably your best bet if you can create the bootable USB on a separate clean computer.



    #7
    stanleybeast
    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    combo fix txt would not upload, did it manually,

     

    ComboFix 15-02-16.01 - Jared 02/19/2015   7:45.2.2 - x86
    Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.3327.2417 [GMT 8:00]
    Running from: c:\users\Jared\Desktop\ufcom.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-icons_056b93_256x240.png
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\jquery-ui.custom.css
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\override-page.css
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\jquery-ui.custom.min.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\jquery.cookie.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\jquery.min.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\LICENSE
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\manifest.json
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\customize.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\customize.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\filters.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\filters.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\general.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\general.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\index.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\index.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\options.css
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\support.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\support.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\adreport.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\adreport.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\resourceblock.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\resourceblock.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\subscribe.html
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\subscribe.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\port.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\README.markdown
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\focus.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\incognito.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\pitchpage.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\search-plus-one.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\secure_reminder.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\serp.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\stats.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\translators.json
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\blacklistui.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\clickwatcher.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\elementchain.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\overlay.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\rightclick_hook.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\load_jquery_ui.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\send_content_to_back.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\top_open_blacklist_ui.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\top_open_whitelist_ui.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\ytchannel.js
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
    c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\windows\system32\spsys.log
    .
    .
    (((((((((((((((((((((((((   Files Created from 2015-01-18 to 2015-02-18  )))))))))))))))))))))))))))))))
    .
    .
    2015-02-18 23:50 . 2015-02-18 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-02-18 22:13 . 2015-02-18 22:13 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEBD94C8-3E13-4C6B-98F5-47D546740E24}\MpKsl889ff405.sys
    2015-02-17 18:11 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEBD94C8-3E13-4C6B-98F5-47D546740E24}\mpengine.dll
    2015-02-16 00:37 . 2014-12-01 19:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-02-13 10:08 . 2015-02-13 10:08 43152 ----a-w- c:\windows\avastSS.scr
    2015-02-13 09:53 . 2015-02-13 10:00 -------- d-----w- c:\programdata\AVAST Software
    2015-02-13 04:32 . 2015-02-04 00:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2015-02-13 04:32 . 2015-02-04 00:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0775937-AE0C-4546-88DF-3093FC19E589}\gapaengine.dll
    2015-02-12 06:46 . 2015-02-12 06:46 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
    2015-02-05 12:16 . 2014-12-31 11:13 249488 ------w- c:\windows\system32\MpSigStub.exe
    2015-02-04 20:57 . 2015-02-05 12:15 -------- d-----w- c:\program files\PokerStars
    2015-02-04 03:53 . 2015-02-04 04:07 -------- d-----w- c:\programdata\HitmanPro
    2015-02-04 00:22 . 2015-02-18 22:44 -------- d-----w- c:\program files\Microsoft Security Client
    2015-02-01 06:52 . 2015-02-01 06:52 -------- d-----w- c:\programdata\CSIS
    2015-01-30 22:00 . 2014-12-14 20:13 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA28A1DE-BE9D-4AA6-A0CA-8152716A2E03}\mpengine.dll
    2015-01-30 13:37 . 2015-01-30 13:37 -------- d-----w- c:\programdata\magicJack
    2015-01-30 07:04 . 2015-02-18 22:20 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-01-30 07:04 . 2015-01-30 07:04 -------- d-----w- c:\programdata\RogueKiller
    2015-01-30 07:02 . 2015-01-31 09:09 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
    2015-01-30 06:53 . 2015-02-18 16:54 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    2015-01-30 06:49 . 2015-01-30 06:49 -------- d-----w- c:\programdata\Malwarebytes
    2015-01-30 06:49 . 2015-01-30 06:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-01-30 06:49 . 2015-01-30 06:49 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-01-30 06:48 . 2015-01-30 06:48 82648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-01-30 06:44 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
    2015-01-30 06:44 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2015-01-30 06:44 . 2012-08-23 14:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
    2015-01-30 06:44 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
    2015-01-30 06:44 . 2012-08-23 10:08 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
    2015-01-30 06:42 . 2014-07-02 19:42 4389848 ----a-w- c:\windows\system32\nvcpl.dll
    2015-01-30 06:42 . 2014-07-02 19:42 3063256 ----a-w- c:\windows\system32\nvsvc.dll
    2015-01-30 06:42 . 2014-07-02 19:42 670552 ----a-w- c:\windows\system32\nvvsvc.exe
    2015-01-30 06:42 . 2014-07-02 19:42 62936 ----a-w- c:\windows\system32\nvshext.dll
    2015-01-30 06:42 . 2014-07-02 19:42 377288 ----a-w- c:\windows\system32\nvmctray.dll
    2015-01-30 06:42 . 2014-07-02 19:42 2556360 ----a-w- c:\windows\system32\nvsvcr.dll
    2015-01-30 06:42 . 2014-08-19 14:16 61728 ----a-w- c:\windows\system32\OpenCL.dll
    2015-01-30 06:42 . 2015-01-30 06:43 -------- d-----w- c:\programdata\NVIDIA Corporation
    2015-01-30 06:29 . 2014-12-13 03:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe
    2015-01-29 10:53 . 2015-02-04 03:42 -------- d-----w- c:\programdata\Skype
    2015-01-29 10:28 . 2015-01-29 10:30 -------- d-----w- c:\program files\Google
    2015-01-29 10:04 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
    2015-01-29 02:38 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2015-01-29 02:37 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2015-01-29 02:37 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2015-01-29 02:37 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2015-01-29 02:37 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2015-01-29 02:37 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
    2015-01-29 02:37 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
    2015-01-29 02:37 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
    2015-01-29 02:37 . 2014-11-22 01:48 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2015-01-29 02:36 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-01-29 02:36 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
    2015-01-29 02:36 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
    2015-01-29 02:36 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
    2015-01-29 02:36 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2015-01-28 04:49 . 2015-02-04 05:03 -------- d-----w- c:\windows\Panther
    2015-01-27 21:25 . 2015-01-27 21:25 -------- d-s---w- c:\windows\system32\CompatTel
    2015-01-27 21:25 . 2015-01-27 21:25 -------- d-----w- c:\windows\system32\appraiser
    2015-01-27 19:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
    2015-01-27 19:01 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
    2015-01-27 19:01 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
    2015-01-27 19:01 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
    2015-01-27 19:01 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
    2015-01-27 16:28 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2015-01-27 16:27 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll
    2015-01-27 15:55 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2015-01-27 15:55 . 2015-02-18 22:47 -------- d-----w- c:\program files\NVIDIA Corporation
    2015-01-27 15:33 . 2015-01-27 15:35 -------- d-----w- c:\windows\system32\MRT
    2015-01-27 14:53 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2015-01-27 14:53 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2015-01-27 14:53 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2015-01-27 14:53 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2015-01-27 14:53 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2015-01-27 14:53 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2015-01-27 14:53 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2015-01-27 14:51 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2015-01-27 14:51 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
    2015-01-27 14:41 . 2015-01-27 14:41 -------- d-----w- c:\windows\Migration
    2015-01-27 14:41 . 2015-01-27 14:41 -------- d-----w- c:\program files\Microsoft.NET
    2015-01-27 14:38 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2015-01-27 14:38 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2015-01-27 14:29 . 2015-01-27 14:29 231424 ----a-w- c:\windows\system32\mswsock.dll
    2015-01-27 14:29 . 2015-01-27 14:29 49152 ----a-w- c:\windows\system32\taskhost.exe
    2015-01-27 14:26 . 2015-01-27 14:26 1505280 ----a-w- c:\windows\system32\d3d11.dll
    2015-01-27 14:23 . 2014-12-04 04:38 337920 ----a-w- c:\windows\system32\generaltel.dll
    2015-01-27 14:23 . 2014-12-04 04:38 610304 ----a-w- c:\windows\system32\invagent.dll
    2015-01-27 14:23 . 2014-12-04 04:38 315392 ----a-w- c:\windows\system32\devinv.dll
    2015-01-27 14:23 . 2014-12-04 04:38 159744 ----a-w- c:\windows\system32\aepic.dll
    2015-01-27 14:23 . 2014-12-04 04:34 873984 ----a-w- c:\windows\system32\aeinv.dll
    2015-01-27 14:23 . 2014-12-01 23:28 1160872 ----a-w- c:\windows\system32\aitstatic.exe
    2015-01-27 14:23 . 2014-12-04 04:38 202752 ----a-w- c:\windows\system32\aepdu.dll
    2015-01-27 14:21 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2015-01-27 14:20 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
    2015-01-27 14:19 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
    2015-01-27 14:18 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
    2015-01-27 14:09 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-01-27 14:09 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2015-01-27 14:09 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys
    2015-01-27 14:09 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll
    2015-01-27 14:09 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-01-27 14:09 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll
    2015-01-27 14:09 . 2014-04-12 02:15 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-01-27 14:09 . 2014-04-12 02:12 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2015-01-27 14:09 . 2014-04-12 02:12 100352 ----a-w- c:\windows\system32\sspicli.dll
    2015-01-27 14:09 . 2014-04-12 02:12 22016 ----a-w- c:\windows\system32\secur32.dll
    2015-01-27 14:09 . 2014-04-12 02:11 22528 ----a-w- c:\windows\system32\lsass.exe
    2015-01-27 14:09 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
    2015-01-27 14:07 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
    2015-01-27 14:07 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
    2015-01-27 14:07 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
    2015-01-27 14:07 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
    2015-01-27 14:07 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
    2015-01-27 13:20 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
    2015-01-27 13:20 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
    2015-01-27 13:20 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
    2015-01-27 13:20 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
    2015-01-27 13:20 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
    2015-01-27 13:20 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
    2015-01-27 13:20 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
    2015-01-27 13:20 . 2014-05-14 01:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
    2015-01-27 13:20 . 2014-05-14 01:17 33792 ----a-w- c:\windows\system32\wuapp.exe
    2015-01-27 13:13 . 2015-02-04 03:42 -------- d-sh--w- c:\windows\Installer
    2015-01-27 12:58 . 2015-02-13 04:21 -------- d-----w- c:\users\Jared
    2015-01-27 12:58 . 2015-01-27 12:58 -------- d-----w- C:\Recovery
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2014-07-04 16:55 51592 ----a-w- c:\users\Jared\AppData\Roaming\mjusbsp\cdloader2.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MGNWRDBQ
    *NewlyCreated* - MPKSL889FF405
    *NewlyCreated* - NTKFZGEB
    *Deregistered* - aswHwid
    *Deregistered* - aswNdisFlt
    *Deregistered* - aswStm
    *Deregistered* - mgnwrdbq
    *Deregistered* - ntkfzgeb
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-02-04 00:20 1086280 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
    AddRemove-NVIDIA Drivers - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
    AddRemove-NVIDIAStereo - c:\program files\NVIDIA Corporation\3D Vision\nvStInst.exe
    AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision - c:\program files\NVIDIA Corporation\Installer2\installer.{E7E9AFFA-3599-48FE-80C4-88F1DE6C121C}\NVI2.DLL
    AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{E7E9AFFA-3599-48FE-80C4-88F1DE6C121C}\NVI2.DLL
    AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{E7E9AFFA-3599-48FE-80C4-88F1DE6C121C}\NVI2.DLL
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-02-19  07:51:20
    ComboFix-quarantined-files.txt  2015-02-18 23:51
    .
    Pre-Run: 138,164,621,312 bytes free
    Post-Run: 138,139,095,040 bytes free
    .
    - - End Of File - - 821940A5FCE9D2036E181A23F40CE032
    A36C5E4F47E84449FF07ED3517B43A31


    Autoruns test is the only one that would run from the USB, same error with all the rest. JRT and ComboFix tests are from the 19th.

    Attached Files



    #8
    RKinner

      Malware Expert


    Autoruns.zip file says it is empty when I try to extract it.

     

    Run Autoruns again and see if you can find these drivers or services:

     

     MGNWRDBQ
     MPKSL889FF405
     NTKFZGEB
     mgnwrdbq
     ntkfzgeb
     
    If you find any, uncheck them. Close Autoruns and reboot.
     
    Try renaming combofix.exe to explorer.exe and see if it wants to run.
     
    Can you get a boot log?
     
    When you get to Step 3 Substep 2.  Copy and paste the text from Notepad into a reply.
     
    (If you get a pop up just click on No Thanks I know everything)
     


    #9
    stanleybeast

      Member

    • Topic Starter

    Tried renaming it, same error as before. 

     

    Did not find any of those as drivers or services, just that a lot of the drivers and services are not Microsoft certified.

     

    Can't open msconfig or cmd.exe or anything of that nature, same error as when trying to run any programs. I will try this in safe mode, brb



    #10
    stanleybeast

      Member

    • Topic Starter

    In safe mode I was able to do the FRST scan. Couldn't do ComboFix as it says MS Security Essentials is running and search won't show it, and I did an elevated cmd command to stop it, access denied, and tried it also with super admin, same thing. I disabled sure user and did the FRST scan. Here are the results.

     

    addition txt

     

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01
    Ran by Jared at 2015-02-26 22:52:21
    Running from E:\
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    magicJack (HKU\S-1-5-21-289597471-917399791-413522533-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
    Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    Check "winmgmt" service or repair WMI.
     
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2015-02-04 12:10 - 2015-02-19 07:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Loaded Modules (whitelisted) ==============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) ===============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-289597471-917399791-413522533-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: HitmanProScheduler => 2
    MSCONFIG\startupreg: cdloader => "C:\Users\Jared\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-289597471-917399791-413522533-500 - Administrator - Disabled)
    Guest (S-1-5-21-289597471-917399791-413522533-501 - Limited - Disabled)
    Jared (S-1-5-21-289597471-917399791-413522533-1000 - Administrator - Enabled) => C:\Users\Jared
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
    .
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:06:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
     
    System errors:
    =============
    Error: (02/26/2015 10:52:21 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
     
    Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}
     
    Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}
     
    Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     
    Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
     
    Error: (02/26/2015 10:44:07 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
     
    Error: (02/26/2015 10:44:02 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
     
    Error: (02/26/2015 10:43:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
    %%1068
     
    Error: (02/26/2015 10:43:59 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}
     
    Error: (02/26/2015 10:43:55 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: %%860 Real-Time Protection feature has encountered an error and failed.
     
    Feature: %%834
     
    Error Code: 0x8007043c
     
    Error description: This service cannot be started in Safe Mode 
     
    Reason: %%858
     
     
    Microsoft Office Sessions:
    =========================
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 0098020000002D010000
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 009120200000000000000AF000000
     
    Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 0098020000002D010000
     
    Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 009120200000000000000AF000000
     
    Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 0098020000002D010000
     
    Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 009120200000000000000AF000000
     
    Error: (02/26/2015 10:06:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 0098020000002D010000
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2015-02-26 22:42:06.107
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:34:20.638
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:22:56.721
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:16:59.881
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:03:35.647
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 16:00:13.409
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 15:40:23.453
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-24 10:46:11.220
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-24 09:57:02.983
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-24 09:51:34.323
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD Athlon™ II X2 250 Processor
    Percentage of memory in use: 13%
    Total physical RAM: 3327.23 MB
    Available physical RAM: 2888.77 MB
    Total Pagefile: 6652.74 MB
    Available Pagefile: 6241.75 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1886.9 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:146.39 GB) (Free:127.78 GB) NTFS
    Drive d: (D) (Fixed) (Total:319.27 GB) (Free:318.78 GB) NTFS
    Drive e: (IMATION USB) (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61A7D6A5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: F20DB7B1)
    Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)
     
    ==================== End Of Log ============================
     
     
    FRST txt
     
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01
    Ran by Jared (administrator) on JARED-PC on 26-02-2015 22:51:41
    Running from E:\
    Loaded Profiles: Jared (Available profiles: Jared)
    Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-289597471-917399791-413522533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
     
    Chrome: 
    =======
    CHR HomePage: Profile 2 -> hxxp://www.google.com
    CHR StartupUrls: Profile 2 -> "hxxp://google.com/"
    CHR DefaultSuggestURL: Profile 2 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]
    CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) [File not signed]
    S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]
    S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]
    R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) [File not signed]
    S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2015-01-27] (Microsoft Corporation) [File not signed]
    S2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) [File not signed]
    S3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    S2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation) [File not signed]
    R2 ProfSvc; C:\Windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation) [File not signed]
    S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]
    S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
    S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]
    S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) [File not signed]
    S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-12] ()
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] (Microsoft Corporation) [File not signed]
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
    S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]
    S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) [File not signed]
    S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]
    S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49152 2013-10-02] (Microsoft Corporation) [File not signed]
    S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80896 2013-07-12] (Microsoft Corporation) [File not signed]
    S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) [File not signed]
    S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
    R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) [File not signed]
    R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) [File not signed]
    R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) [File not signed]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Jared\AppData\Local\Temp\catchme.sys [X]
    S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]
     
    ========================== Drivers MD5 =======================
     
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-01-27 22:20 - 2014-12-06 11:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-27 22:20 - 2014-11-11 09:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-01-27 22:20 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2015-01-27 22:20 - 2014-06-25 09:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-01-27 22:20 - 2014-06-03 17:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-01-27 22:20 - 2014-06-03 17:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-01-27 22:20 - 2014-06-03 17:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-01-27 22:20 - 2014-03-04 17:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-01-27 22:20 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-01-27 22:20 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2015-01-27 22:20 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2015-01-27 22:20 - 2013-08-02 09:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-01-27 22:20 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-01-27 22:20 - 2013-07-09 12:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-01-27 22:20 - 2013-07-09 12:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-01-27 22:20 - 2013-05-10 11:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
    2015-01-27 22:20 - 2012-10-04 00:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2015-01-27 22:20 - 2012-10-03 23:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2015-01-27 22:20 - 2012-08-23 01:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-01-27 22:20 - 2012-07-05 03:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
    2015-01-27 22:20 - 2012-01-04 16:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
    2015-01-27 22:20 - 2011-11-17 13:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
    2015-01-27 22:20 - 2011-08-27 12:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
    2015-01-27 22:19 - 2014-11-08 10:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-01-27 22:19 - 2014-10-30 09:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2015-01-27 22:19 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-01-27 22:19 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-01-27 22:19 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-01-27 22:19 - 2014-10-10 08:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-01-27 22:19 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2015-01-27 22:19 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2015-01-27 22:19 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2015-01-27 22:19 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2015-01-27 22:19 - 2014-02-04 10:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2015-01-27 22:19 - 2014-02-04 10:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2015-01-27 22:19 - 2014-02-04 10:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2015-01-27 22:19 - 2014-02-04 10:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2015-01-27 22:19 - 2014-01-29 10:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-27 22:19 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2015-01-27 22:19 - 2013-08-28 08:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2015-01-27 22:19 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-01-27 22:19 - 2013-07-03 11:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
    2015-01-27 22:19 - 2013-07-03 11:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
    2015-01-27 22:19 - 2013-06-26 06:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2015-01-27 22:19 - 2013-02-12 11:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
    2015-01-27 22:19 - 2013-01-24 12:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2015-01-27 22:19 - 2012-11-29 06:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
    2015-01-27 22:19 - 2012-11-29 06:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
    2015-01-27 22:19 - 2012-11-29 06:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2015-01-27 22:19 - 2011-06-16 12:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
    2015-01-27 22:19 - 2011-05-04 12:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2015-01-27 22:19 - 2011-05-04 12:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2015-01-27 22:19 - 2011-05-04 12:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2015-01-27 22:19 - 2011-05-04 12:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2015-01-27 22:19 - 2011-02-23 12:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2015-01-27 22:19 - 2010-12-23 13:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-27 22:18 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-01-27 22:18 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2015-01-27 22:18 - 2014-08-23 09:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-01-27 22:18 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-01-27 22:18 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-01-27 22:18 - 2014-06-16 09:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2015-01-27 22:18 - 2014-06-16 09:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2015-01-27 22:18 - 2014-06-16 09:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2015-01-27 22:18 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2015-01-27 22:18 - 2014-05-30 14:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-01-27 22:18 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-01-27 22:18 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-01-27 22:18 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-01-27 22:18 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-01-27 22:18 - 2014-01-28 10:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2015-01-27 22:18 - 2014-01-24 10:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2015-01-27 22:18 - 2013-11-26 19:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2015-01-27 22:18 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2015-01-27 22:18 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2015-01-27 22:18 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2015-01-27 22:18 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-01-27 22:18 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2015-01-27 22:18 - 2013-10-12 10:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-01-27 22:18 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-01-27 22:18 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2015-01-27 22:18 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2015-01-27 22:18 - 2013-10-04 09:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2015-01-27 22:18 - 2013-10-04 09:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2015-01-27 22:18 - 2013-08-05 09:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2015-01-27 22:18 - 2013-07-25 16:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2015-01-27 22:18 - 2013-07-12 18:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
    2015-01-27 22:18 - 2013-07-12 18:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
    2015-01-27 22:18 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-01-27 22:18 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-01-27 22:18 - 2013-04-26 12:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2015-01-27 22:18 - 2013-03-19 11:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
    2015-01-27 22:18 - 2012-11-02 13:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
    2015-01-27 22:18 - 2012-09-26 06:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
    2015-01-27 22:18 - 2012-07-05 05:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
    2015-01-27 22:18 - 2012-07-05 05:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
    2015-01-27 22:18 - 2012-07-05 05:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
    2015-01-27 22:18 - 2012-05-14 12:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-01-27 22:18 - 2012-05-05 15:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-27 22:18 - 2012-03-17 15:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
    2015-01-27 22:18 - 2011-12-30 13:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
    2015-01-27 22:18 - 2011-12-16 15:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
    2015-01-27 22:18 - 2011-10-26 12:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-01-27 22:18 - 2011-10-15 13:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2015-01-27 22:18 - 2011-08-17 12:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
    2015-01-27 22:18 - 2011-08-17 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
    2015-01-27 22:18 - 2011-06-15 16:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
    2015-01-27 22:18 - 2011-05-24 18:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
    2015-01-27 22:18 - 2011-05-03 12:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-01-27 22:18 - 2011-04-29 10:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2015-01-27 22:18 - 2011-04-29 10:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2015-01-27 22:18 - 2011-04-29 10:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2015-01-27 22:18 - 2011-03-11 13:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
    2015-01-27 22:18 - 2011-03-11 13:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
    2015-01-27 22:18 - 2011-03-03 13:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
    2015-01-27 22:18 - 2011-03-03 13:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
    2015-01-27 22:18 - 2011-03-03 13:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
    2015-01-27 22:18 - 2011-02-18 13:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
    2015-01-27 22:18 - 2010-12-23 13:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
    2015-01-27 22:18 - 2010-12-23 13:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
    2015-01-27 22:09 - 2014-10-14 09:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-01-27 22:09 - 2014-10-14 09:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-01-27 22:09 - 2014-10-14 09:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-01-27 22:09 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-01-27 22:09 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-01-27 22:09 - 2014-04-12 10:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-01-27 22:09 - 2014-04-12 10:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-01-27 22:09 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-01-27 22:09 - 2014-04-12 10:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-01-27 22:09 - 2014-04-12 10:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-01-27 22:09 - 2013-07-04 20:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-01-27 22:09 - 2013-02-27 12:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2015-01-27 22:07 - 2014-10-03 09:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2015-01-27 21:20 - 2014-05-15 00:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-01-27 21:20 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-01-27 21:20 - 2014-05-15 00:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-01-27 21:20 - 2014-05-15 00:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-01-27 21:20 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-01-27 21:20 - 2014-05-15 00:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-01-27 21:20 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-01-27 21:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-01-27 21:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-01-27 20:58 - 2015-02-19 15:29 - 00000000 ____D () C:\Users\Jared
    2015-01-27 20:58 - 2015-02-13 09:49 - 00000000 ____D () C:\Users\Jared\AppData\Local\VirtualStore
    2015-01-27 20:58 - 2015-01-27 20:58 - 00001409 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-27 20:58 - 2015-01-27 20:58 - 00000000 ____D () C:\Recovery
    2015-01-27 20:58 - 2009-07-14 12:42 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-27 20:58 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-26 22:44 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
    2015-02-22 04:49 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-21 15:52 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
    2015-02-19 15:27 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
    2015-02-19 12:59 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-02-19 12:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
    2015-02-19 07:50 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini
    2015-02-19 07:24 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
    2015-02-19 07:16 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-02-19 06:51 - 2009-07-14 10:37 - 00000000 ____D () C:\Users\Jared\MSInfo
    2015-02-13 12:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
    2015-02-13 12:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
    2015-02-04 12:50 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
    2015-02-01 15:13 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-01-30 19:23 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-30 14:42 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
    2015-01-28 12:48 - 2009-07-14 12:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
    2015-01-28 12:48 - 2009-07-14 12:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
    2015-01-28 05:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-TW
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-HK
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-CN
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\tr-TR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\sv-SE
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ru-RU
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-PT
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-BR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pl-PL
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nl-NL
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nb-NO
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ko-KR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ja-JP
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\it-IT
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\hu-HU
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fr-FR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fi-FI
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\el-GR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE
    2015-01-27 21:20 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\restore
    2015-01-27 20:58 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Recovery
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== BCD ================================
     
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30
     
    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}
    nx                      OptIn
     
    Windows Boot Loader
    -------------------
    identifier              {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}
    device                  ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes
     
    Resume from Hibernate
    ---------------------
    identifier              {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    pae                     Yes
    debugoptionenabled      No
     
    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume1
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes
     
    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes
     
    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
     
    RAM Defects
    -----------
    identifier              {badmemory}
     
    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}
     
    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}
     
    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
     
    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}
     
    Device options
    --------------
    identifier              {f63aa303-a6a8-11e4-bf47-ef668ac72a3d}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\boot.sdi
     
     
     
    LastRegBack: 2015-02-23 10:30
     
    ==================== End Of Log ============================

    • 0

    #11
    RKinner


      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Copy the following text:

     

    [Version]
    Signature="$Chicago$"
    Provider=Symantec
    
    
    [DefaultInstall]
    AddReg=UnhookRegKey
    
    
    [UnhookRegKey]
    HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
    HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
    HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
    HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
     
    Open Notepad, paste the text into Notepad.  File, Save As, to your desktop, call it "fix.inf".  Save.  Note: You must use the quotes or Notepad will give you a .txt extension, which won't work.
     
    Close notepad and find fix.inf on your desktop.  Right click on it and select Install.  This may help with your exe files not working.
     
    If safe mode and/or the above do not help then you really need to follow the instructions here:
     
     
    This will give me a FRST scan log which should tell us what is going on.  This bypasses most of Windows so should work.  If you still can't get it to work then try the AVG Rescue CD:
     

    • 0
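A read-only way to confirm what fix.inf changed, as an added example that is not part of the original post: the script compares the open commands for the six file classes against the values in [UnhookRegKey], in both HKLM and HKCU. The extension-to-class table, the function names and the HKCU pass are assumptions added here; fix.inf itself only writes the HKLM command keys and the one HKCU policy value.

```powershell
# Added example (not from the thread): read-only check of the values fix.inf writes.
# Expected commands are the decoded strings from [UnhookRegKey] in the post above.
$expectedCommand = @{
    batfile = '"%1" %*'
    comfile = '"%1" %*'
    exefile = '"%1" %*'
    piffile = '"%1" %*'
    scrfile = '"%1" %*'
    regfile = 'regedit.exe "%1"'
}

# Assumption (not in the post): the stock extension-to-class mappings on Windows.
$expectedClass = @{
    '.bat' = 'batfile'; '.com' = 'comfile'; '.exe' = 'exefile'
    '.pif' = 'piffile'; '.scr' = 'scrfile'; '.reg' = 'regfile'
}

# HKCU\Software\Classes takes precedence over HKLM in the merged HKEY_CLASSES_ROOT
# view, so a per-user override can survive a fix that only rewrites HKLM.
$roots = @{
    HKLM = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes'
    HKCU = 'Registry::HKEY_CURRENT_USER\Software\Classes'
}

function Get-RegDefault([string]$Path) {
    # Returns the unexpanded (Default) value of a key, or $null if it is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $null }
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    return $key.GetValue('', $null, $opt)
}

function Test-Entry([string]$Hive, [string]$SubKey, [string]$Expected) {
    $actual = Get-RegDefault "$($roots[$Hive])\$SubKey"
    if ($null -eq $actual) {
        # A missing per-user key is normal; a missing machine key is not.
        $status = if ($Hive -eq 'HKCU') { 'OK (no per-user override)' } else { 'MISSING' }
    } elseif (([string]$actual).Trim() -eq $Expected) {
        $status = 'OK'
    } else {
        $status = 'MISMATCH'
    }
    New-Object PSObject -Property @{
        Hive = $Hive; Key = $SubKey; Status = $status; Actual = $actual
    }
}

$report = @()
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($class in ($expectedCommand.Keys | Sort-Object)) {
        $report += Test-Entry $hive "$class\shell\open\command" $expectedCommand[$class]
    }
    foreach ($ext in ($expectedClass.Keys | Sort-Object)) {
        $report += Test-Entry $hive $ext $expectedClass[$ext]
    }
}
$report | Select-Object Hive, Key, Status, Actual | Format-Table -AutoSize

# The last line of fix.inf sets DisableRegistryTools to 0; a non-zero value
# means the restriction on registry editing tools is still in place.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -Name DisableRegistryTools -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    'DisableRegistryTools: not set'
} else {
    "DisableRegistryTools: $($policy.DisableRegistryTools)"
}
```

Any MISMATCH row is worth reporting back with its Actual value; the script changes nothing, so it can be run before and after installing fix.inf to compare.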

    #12
    RKinner


      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Your FRST scan looks empty.  Have you turned off a lot of stuff in Autoruns?  

     

    Can you use Autoruns to uncheck these two:

     

    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
     and reboot.
    That should stop MSE.  If not we can use FRST to pull it out by the roots.

    • 0

    #13
    stanleybeast


      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    I didn't touch anything in the Autoruns tests. Just let it run. I was able to do the inf file in safe mode, it still didn't change the error we're having.

     

    I was able to run though RogueKiller in admin and also FRST, here are the results. ComboFix I didn't run and check if the unchecking of those 2 services in Autoruns actually worked, as I wanted you to have these results first. I also didn't remove anything with RogueKiller, just ran it and saved the report and exited it. 

     

    RogueKiller result

     

    RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
     
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Safe mode
    User : Jared [Administrator]
    Mode : Scan -- Date : 02/27/2015  00:04:01
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 12 ¤¤¤
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Jared\AppData\Local\Temp\catchme.sys) -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Jared\AppData\Local\Temp\catchme.sys) -> Found
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Jared\AppData\Local\Temp\catchme.sys) -> Found
    [PUM.Policies] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
     
    ¤¤¤ Tasks : 0 ¤¤¤
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
     
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD50 00AAKX-001CA SCSI Disk Device +++++
    --- User ---
    [MBR] 06b716690cf970fd175effefaf069c67
    [BSP] 050619420d09ead711c1d17073120430 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 149900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307202048 | Size: 326937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([1] Incorrect function. )
     
    +++++ PhysicalDrive1: Imation Imation USB USB Device +++++
    --- User ---
    [MBR] 59e5e4021929d32e53904858ad7209e1
    [BSP] 872a9a4900dc5d4b5680dc2e24b87c2f : Unknown MBR Code
    Partition table:
    0 - [XXXXXX] FAT16-LBA (0xe) [VISIBLE] Offset (sectors): 8064 | Size: 1907 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )
     
     
     
     
    addition txt result
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01
    Ran by Jared at 2015-02-26 23:59:34
    Running from E:\
    Boot Mode: Safe Mode (minimal)
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    magicJack (HKU\S-1-5-21-289597471-917399791-413522533-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
    Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    21-02-2015 15:52:35 Scheduled Checkpoint
    22-02-2015 15:27:49 Windows Update
    26-02-2015 15:41:33 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2015-02-04 12:10 - 2015-02-19 07:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Loaded Modules (whitelisted) ==============
     
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
     
    ==================== EXE Association (whitelisted) ===============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-289597471-917399791-413522533-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: HitmanProScheduler => 2
    MSCONFIG\startupreg: cdloader => "C:\Users\Jared\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-289597471-917399791-413522533-500 - Administrator - Disabled)
    Guest (S-1-5-21-289597471-917399791-413522533-501 - Limited - Disabled)
    Jared (S-1-5-21-289597471-917399791-413522533-1000 - Administrator - Enabled) => C:\Users\Jared
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/26/2015 11:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
    .
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )
    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
    ]
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
    Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.
     
     
    System errors:
    =============
    Error: (02/26/2015 11:57:35 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
     
    Error: (02/26/2015 11:57:35 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
     
    Error: (02/26/2015 11:57:34 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}
     
    Error: (02/26/2015 11:57:34 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}
     
    Error: (02/26/2015 11:57:33 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
     
    Error: (02/26/2015 11:57:27 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
     
    Error: (02/26/2015 11:57:20 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
    Description: %%860 Real-Time Protection feature has encountered an error and failed.
     
    Feature: %%834
     
    Error Code: 0x8007043c
     
    Error description: This service cannot be started in Safe Mode 
     
    Reason: %%858
     
    Error: (02/26/2015 11:57:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    AFD
    cdrom
    DfsC
    discache
    ESProtectionDriver
    MpFilter
    NetBIOS
    NetBT
    nsiproxy
    PEAUTH
    Psched
    rdbss
    spldr
    tdx
    Wanarpv6
    WfpLwf
    ws2ifsl
     
    Error: (02/26/2015 11:57:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The WinDefend service terminated with the following error: 
    %%126
     
    Error: (02/26/2015 11:57:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: 
    %%31
     
     
    Microsoft Office Sessions:
    =========================
    Error: (02/26/2015 11:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 0098020000002D010000
     
    Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 009120200000000000000AF000000
     
    Error: (02/26/2015 10:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )
    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
     
     
    Operation:
       Instantiating VSS server
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 0098020000002D010000
     
    Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 009120200000000000000AF000000
     
    Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
    Description: 0098020000002D010000
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2015-02-26 23:53:42.111
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:57:02.340
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:42:06.107
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:34:20.638
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:22:56.721
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:16:59.881
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 22:03:35.647
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 16:00:13.409
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-26 15:40:23.453
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
      Date: 2015-02-24 10:46:11.220
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: AMD Athlon™ II X2 250 Processor
    Percentage of memory in use: 18%
    Total physical RAM: 3327.23 MB
    Available physical RAM: 2711.59 MB
    Total Pagefile: 6652.74 MB
    Available Pagefile: 6062.31 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1921.19 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:146.39 GB) (Free:127.78 GB) NTFS
    Drive d: (D) (Fixed) (Total:319.27 GB) (Free:318.78 GB) NTFS
    Drive e: (IMATION USB) (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61A7D6A5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: F20DB7B1)
    Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)
     
    ==================== End Of Log ============================
     
     
    frst txt results
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01
    Ran by Jared (administrator) on JARED-PC on 26-02-2015 23:59:12
    Running from E:\
    Loaded Profiles: Jared (Available profiles: Jared)
    Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Safe Mode (minimal)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\RunOnce: [GrpConv] => grpconv -o
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-289597471-917399791-413522533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
    HKU\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
     
    Chrome: 
    =======
    CHR HomePage: Profile 2 -> hxxp://www.google.com
    CHR StartupUrls: Profile 2 -> "hxxp://google.com/"
    CHR DefaultSuggestURL: Profile 2 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
    CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]
    CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) [File not signed]
    S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]
    S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]
    R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) [File not signed]
    S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2015-01-27] (Microsoft Corporation) [File not signed]
    S2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) [File not signed]
    S3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    R4 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
    S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S4 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
    S2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation) [File not signed]
    R2 ProfSvc; C:\Windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation) [File not signed]
    S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]
    S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]
    S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
    S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]
    S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) [File not signed]
    S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-12] ()
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
    S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] (Microsoft Corporation) [File not signed]
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
    S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]
    S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) [File not signed]
    S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]
    S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49152 2013-10-02] (Microsoft Corporation) [File not signed]
    S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80896 2013-07-12] (Microsoft Corporation) [File not signed]
    S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) [File not signed]
    S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]
    R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) [File not signed]
    R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) [File not signed]
    R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) [File not signed]
    U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Jared\AppData\Local\Temp\catchme.sys [X]
    S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]
     
    ========================== Drivers MD5 =======================
     
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-26 22:54 - 2015-02-26 22:54 - 00000000 ____D () C:\Users\Jared\Desktop\Scans
    2015-02-26 22:51 - 2015-02-26 23:59 - 00000000 ____D () C:\FRST
    2015-02-26 22:44 - 2015-02-26 22:51 - 00000000 ___SD () C:\32788R22FWJFW
    2015-02-26 22:44 - 2015-02-26 22:51 - 00000000 ____D () C:\Qoobox
    2015-02-26 22:06 - 2015-02-26 22:06 - 00062506 _____ () C:\Users\Jared\Desktop\autoruns.zip
    2015-02-24 10:01 - 2015-02-24 10:01 - 02126848 _____ () C:\Users\Jared\Desktop\AdwCleaner.exe
    2015-02-23 10:11 - 2015-02-23 10:11 - 06381796 _____ () C:\Users\Jared\Desktop\java scirpt funny sutfft.txt
    2015-02-23 09:22 - 2015-02-23 09:23 - 00001201 _____ () C:\Users\Jared\Desktop\cmd.exe.lnk
    2015-02-23 01:16 - 2015-02-23 01:16 - 00003470 _____ () C:\Users\Jared\Desktop\skype sharedxml file.txt
    2015-02-22 20:51 - 2015-02-22 20:51 - 00026972 _____ () C:\Users\Jared\Desktop\geek.txt
    2015-02-22 05:29 - 2015-02-22 05:29 - 00000000 ____D () C:\Users\Jared\AppData\Local\CrashDumps
    2015-02-19 18:37 - 2015-02-19 18:37 - 00058016 _____ () C:\Users\Jared\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-02-19 17:20 - 2015-02-19 17:56 - 112270952 _____ (PokerStars) C:\Users\Jared\Desktop\PokerStarsInstall.exe
    2015-02-19 15:33 - 2015-02-26 23:01 - 00004812 _____ () C:\Windows\system32\PerfStringBackup.TMP
    2015-02-19 15:31 - 2015-02-26 23:04 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-19 15:31 - 2015-02-26 23:04 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-19 15:31 - 2015-02-19 15:31 - 00000552 _____ () C:\Windows\system32\spsys.log
    2015-02-19 15:29 - 2015-02-26 22:57 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-19 15:29 - 2015-02-26 22:56 - 00000959 _____ () C:\Windows\setupact.log
    2015-02-19 15:29 - 2015-02-19 15:29 - 00000020 ___SH () C:\Users\Jared\ntuser.ini
    2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-19 15:28 - 2015-02-19 15:29 - 00267016 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-19 15:26 - 2015-02-19 15:26 - 00000955 _____ () C:\DelFix.txt
    2015-02-19 15:26 - 2015-02-19 15:26 - 00000000 ____D () C:\Windows\ERUNT
    2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\ProgramData\Skype
    2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\Program Files\Skype
    2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2015-02-19 12:34 - 2015-02-26 22:57 - 00000000 ____D () C:\Users\Jared\Desktop\COM
    2015-02-19 12:21 - 2015-02-19 12:21 - 00088274 _____ () C:\Users\Jared\Documents\bookmarks_2_19_15.html
    2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieUserList
    2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieSiteList
    2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieBrowserModeList
    2015-02-19 07:20 - 2015-02-19 12:32 - 00000000 ____D () C:\Users\Jared\WORD
    2015-02-19 05:37 - 2015-02-19 06:12 - 00002707 _____ () C:\Users\Jared\Downloads\~ESETUninstaller.log
    2015-02-19 05:18 - 2015-02-19 05:19 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Jared\Downloads\mbar-1.08.3.1004.exe
    2015-02-18 21:46 - 2015-02-18 21:46 - 00000010 _____ () C:\Users\Jared\Documents\pkr.txt
    2015-02-13 22:17 - 2015-02-13 22:17 - 00000000 ____D () C:\Users\Jared\Documents\Gary R
    2015-02-13 12:00 - 2015-02-13 11:59 - 00196608 _____ () C:\Users\Jared\Downloads\3D8B6B9C-0B52-4022-BD12-D8DD71DDFCCC.Diagnose.0.etl
    2015-02-12 21:51 - 2015-02-12 21:51 - 00036985 _____ () C:\Users\Jared\Documents\Appointments excel file.xlsx
    2015-02-12 14:46 - 2015-02-12 14:46 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
    2015-02-06 06:51 - 2015-02-06 06:51 - 00003573 _____ () C:\Users\Jared\Documents\17-things-to-expect-when-you-date-a-girl-whos-used-to-being-on-her-own.txt
    2015-02-05 20:16 - 2014-12-31 19:13 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-02-05 20:04 - 2015-02-05 20:04 - 00000000 ____D () C:\Users\Jared\AppData\Local\tjnet
    2015-02-05 04:57 - 2015-02-19 10:43 - 00000000 ____D () C:\Users\Jared\AppData\Local\PokerStars
    2015-02-05 04:57 - 2015-02-05 20:15 - 00000000 ____D () C:\Program Files\PokerStars
    2015-02-05 04:57 - 2015-02-05 04:57 - 00001913 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.lnk
    2015-02-05 04:57 - 2015-02-05 04:57 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
    2015-02-04 15:31 - 2015-02-26 23:55 - 00932471 _____ () C:\Windows\WindowsUpdate.log
    2015-02-04 12:58 - 2015-02-04 12:58 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-02-04 12:47 - 2015-02-04 12:50 - 00000000 ____D () C:\Windows\erdnt
    2015-02-04 11:46 - 2015-02-04 11:46 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\Jared\Desktop\autoruns.exe
    2015-02-04 08:22 - 2015-02-19 06:44 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-04 08:22 - 2015-02-19 05:30 - 00002205 _____ () C:\Windows\epplauncher.mif
    2015-02-04 08:09 - 2015-02-04 08:20 - 00001770 _____ () C:\Users\Jared\Desktop\chrome - Shortcut.lnk
    2015-02-01 15:18 - 2015-02-04 10:02 - 00000000 ____D () C:\Windows\pss
    2015-01-30 21:37 - 2015-02-19 12:36 - 00000000 ____D () C:\ProgramData\magicJack
    2015-01-30 21:36 - 2015-02-18 02:15 - 00000953 _____ () C:\Users\Jared\Desktop\magicJack.lnk
    2015-01-30 21:36 - 2015-02-18 02:15 - 00000939 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
    2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\Jared\AppData\Local\magicJack
    2015-01-30 21:32 - 2015-02-18 02:15 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\mjusbsp
    2015-01-30 15:04 - 2015-02-19 06:20 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-01-30 14:49 - 2015-01-30 14:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-30 14:48 - 2015-01-30 14:48 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-30 14:44 - 2012-08-23 22:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-01-30 14:44 - 2012-08-23 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-01-30 14:44 - 2012-08-23 21:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-01-30 14:44 - 2012-08-23 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2015-01-30 14:44 - 2012-08-23 18:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-01-30 14:43 - 2015-01-30 14:43 - 00000000 ____D () C:\OETemp
    2015-01-30 14:43 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-01-30 14:43 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-01-30 14:43 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-01-30 14:43 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-01-30 14:43 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-01-30 14:43 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-01-30 14:43 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-01-30 14:43 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-01-30 14:43 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-30 14:43 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-01-30 14:43 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-01-30 14:43 - 2013-10-02 04:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-01-30 14:42 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2015-01-30 14:42 - 2014-07-03 03:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-01-30 14:42 - 2014-07-03 03:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-01-30 14:42 - 2014-07-03 03:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-01-30 14:29 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-01-29 18:53 - 2015-02-23 01:16 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Skype
    2015-01-29 18:53 - 2015-02-19 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-01-29 18:53 - 2015-02-07 04:44 - 00000000 ____D () C:\Users\Jared\AppData\Local\Skype
    2015-01-29 18:53 - 2015-02-04 11:42 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
    2015-01-29 18:50 - 2015-01-30 22:35 - 00001141 _____ () C:\Users\Jared\Desktop\Downloads - Shortcut.lnk
    2015-01-29 18:30 - 2015-01-29 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-01-29 18:28 - 2015-01-29 18:30 - 00000000 ____D () C:\Users\Jared\AppData\Local\Google
    2015-01-29 18:28 - 2015-01-29 18:30 - 00000000 ____D () C:\Program Files\Google
    2015-01-29 18:04 - 2012-02-11 13:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2015-01-29 10:38 - 2014-06-27 09:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2015-01-29 10:37 - 2014-11-22 09:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-01-29 10:37 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-01-29 10:37 - 2011-03-11 13:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
    2015-01-29 10:37 - 2011-03-11 13:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
    2015-01-29 10:37 - 2011-03-11 13:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
    2015-01-29 10:37 - 2011-03-11 13:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
    2015-01-29 10:37 - 2011-03-11 13:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
    2015-01-29 10:37 - 2011-03-11 13:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
    2015-01-29 10:37 - 2011-03-11 12:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
    2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2015-01-29 10:36 - 2014-07-09 09:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2015-01-29 10:36 - 2014-07-09 06:30 - 00419992 _____ () C:\Windows\system32\locale.nls
    2015-01-29 10:36 - 2014-06-24 10:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-01-29 10:36 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-01-29 10:36 - 2011-02-25 13:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2015-01-28 12:49 - 2015-02-04 13:03 - 00000000 ____D () C:\Windows\Panther
    2015-01-28 05:25 - 2015-01-28 05:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2015-01-28 05:25 - 2015-01-28 05:25 - 00000000 ____D () C:\Windows\system32\appraiser
    2015-01-28 03:01 - 2014-10-18 09:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-01-28 03:01 - 2014-07-07 09:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-01-28 03:01 - 2014-07-07 09:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-01-28 03:01 - 2014-07-07 09:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-01-28 03:01 - 2014-07-07 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-01-28 01:36 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\Jared\AppData\Local\Apps\2.0
    2015-01-28 00:28 - 2014-11-11 10:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-01-28 00:27 - 2013-04-10 07:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-01-28 00:21 - 2015-01-28 00:21 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Adobe
    2015-01-27 23:55 - 2015-02-19 06:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2015-01-27 23:55 - 2010-08-09 22:33 - 00011164 _____ () C:\Windows\system32\Drivers\nvphy.bin
    2015-01-27 23:33 - 2015-01-27 23:35 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-27 22:53 - 2012-07-26 11:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2015-01-27 22:53 - 2012-07-26 11:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2015-01-27 22:53 - 2012-07-26 11:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2015-01-27 22:53 - 2012-07-26 11:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2015-01-27 22:53 - 2012-07-26 11:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2015-01-27 22:53 - 2012-07-26 10:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2015-01-27 22:53 - 2012-07-26 10:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2015-01-27 22:53 - 2012-06-02 22:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2015-01-27 22:51 - 2012-03-01 13:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
    2015-01-27 22:51 - 2012-03-01 13:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
    2015-01-27 22:41 - 2015-01-27 22:41 - 00000000 ____D () C:\Program Files\Microsoft.NET
    2015-01-27 22:38 - 2013-05-10 12:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-01-27 22:38 - 2013-05-10 12:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-01-27 22:30 - 2015-01-27 22:30 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-01-27 22:30 - 2015-01-27 22:30 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2015-01-27 22:30 - 2015-01-27 22:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-01-27 22:30 - 2015-01-27 22:30 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2015-01-27 22:30 - 2015-01-27 22:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2015-01-27 22:30 - 2015-01-27 22:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-01-27 22:30 - 2015-01-27 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-01-27 22:29 - 2015-01-27 22:29 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2015-01-27 22:29 - 2015-01-27 22:29 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
    2015-01-27 22:28 - 2015-01-27 22:28 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2015-01-27 22:28 - 2015-01-27 22:28 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2015-01-27 22:26 - 2015-01-27 22:26 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2015-01-27 22:23 - 2014-12-04 12:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-01-27 22:23 - 2014-12-04 12:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-01-27 22:23 - 2014-12-04 12:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-01-27 22:23 - 2014-12-04 12:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-01-27 22:23 - 2014-12-04 12:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-01-27 22:23 - 2014-12-04 12:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-01-27 22:23 - 2014-12-04 12:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-01-27 22:23 - 2014-12-02 07:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-01-27 22:22 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2015-01-27 22:22 - 2014-07-17 09:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2015-01-27 22:22 - 2014-07-17 09:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2015-01-27 22:22 - 2014-07-17 09:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2015-01-27 22:22 - 2014-07-17 09:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2015-01-27 22:22 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2015-01-27 22:22 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2015-01-27 22:22 - 2014-03-04 17:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-01-27 22:22 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2015-01-27 22:22 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2015-01-27 22:22 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2015-01-27 22:22 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2015-01-27 22:22 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2015-01-27 22:22 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2015-01-27 22:22 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2015-01-27 22:22 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2015-01-27 22:22 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2015-01-27 22:22 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2015-01-27 22:22 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2015-01-27 22:22 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2015-01-27 22:22 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2015-01-27 22:22 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2015-01-27 22:22 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2015-01-27 22:22 - 2013-05-13 11:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2015-01-27 22:22 - 2013-05-13 11:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2015-01-27 22:22 - 2012-04-26 12:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
    2015-01-27 22:22 - 2012-04-26 12:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
    2015-01-27 22:22 - 2011-07-09 10:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-01-27 22:22 - 2011-04-27 10:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-01-27 22:22 - 2011-04-27 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-01-27 22:21 - 2014-12-19 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-27 22:21 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-01-27 22:21 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-27 22:21 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-01-27 22:21 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2015-01-27 22:21 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-01-27 22:21 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-01-27 22:21 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-01-27 22:21 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-01-27 22:21 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-01-27 22:21 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-01-27 22:21 - 2014-08-01 19:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2015-01-27 22:21 - 2014-07-14 09:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-01-27 22:21 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
    2015-01-27 22:21 - 2013-07-09 12:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-01-27 22:21 - 2013-06-06 12:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-01-27 22:21 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-01-27 22:21 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-01-27 22:21 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-01-27 22:21 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-01-27 22:21 - 2012-12-07 20:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
    2015-01-27 22:21 - 2012-12-07 20:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
    2015-01-27 22:21 - 2012-12-07 18:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
    2015-01-27 22:21 - 2012-12-07 18:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
    2015-01-27 22:21 - 2012-10-10 01:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
    2015-01-27 22:21 - 2012-10-10 01:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
    2015-01-27 22:21 - 2012-08-22 04:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
    2015-01-27 22:21 - 2012-06-06 13:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
    2015-01-27 22:21 - 2011-04-09 13:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-01-27 22:20 - 2014-12-19 09:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-27 22:20 - 2014-12-06 11:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-27 22:20 - 2014-11-11 09:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-01-27 22:20 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2015-01-27 22:20 - 2014-06-25 09:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-01-27 22:20 - 2014-06-03 17:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-01-27 22:20 - 2014-06-03 17:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-01-27 22:20 - 2014-06-03 17:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-01-27 22:20 - 2014-03-04 17:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-01-27 22:20 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-01-27 22:20 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2015-01-27 22:20 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2015-01-27 22:20 - 2013-08-02 09:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-01-27 22:20 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-01-27 22:20 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-01-27 22:20 - 2013-07-09 12:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-01-27 22:20 - 2013-07-09 12:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-01-27 22:20 - 2013-05-10 11:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-01-27 22:20 - 2012-10-04 00:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
    2015-01-27 22:20 - 2012-10-04 00:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2015-01-27 22:20 - 2012-10-03 23:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2015-01-27 22:20 - 2012-08-23 01:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-01-27 22:20 - 2012-07-05 03:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
    2015-01-27 22:20 - 2012-01-04 16:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
    2015-01-27 22:20 - 2011-11-17 13:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
    2015-01-27 22:20 - 2011-08-27 12:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
    2015-01-27 22:19 - 2014-11-08 10:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-01-27 22:19 - 2014-10-30 09:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2015-01-27 22:19 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2015-01-27 22:19 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-01-27 22:19 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-01-27 22:19 - 2014-10-10 08:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-01-27 22:19 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2015-01-27 22:19 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2015-01-27 22:19 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2015-01-27 22:19 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2015-01-27 22:19 - 2014-02-04 10:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2015-01-27 22:19 - 2014-02-04 10:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2015-01-27 22:19 - 2014-02-04 10:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2015-01-27 22:19 - 2014-02-04 10:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2015-01-27 22:19 - 2014-01-29 10:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2015-01-27 22:19 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2015-01-27 22:19 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2015-01-27 22:19 - 2013-08-28 08:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2015-01-27 22:19 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-01-27 22:19 - 2013-07-03 11:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
    2015-01-27 22:19 - 2013-07-03 11:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
    2015-01-27 22:19 - 2013-06-26 06:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2015-01-27 22:19 - 2013-02-12 11:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
    2015-01-27 22:19 - 2013-01-24 12:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2015-01-27 22:19 - 2012-11-29 06:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
    2015-01-27 22:19 - 2012-11-29 06:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
    2015-01-27 22:19 - 2012-11-29 06:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2015-01-27 22:19 - 2011-06-16 12:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
    2015-01-27 22:19 - 2011-05-04 12:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
    2015-01-27 22:19 - 2011-05-04 12:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
    2015-01-27 22:19 - 2011-05-04 12:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
    2015-01-27 22:19 - 2011-05-04 12:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
    2015-01-27 22:19 - 2011-05-04 12:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
    2015-01-27 22:19 - 2011-02-23 12:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2015-01-27 22:19 - 2010-12-23 13:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-01-27 22:18 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-01-27 22:18 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-01-27 22:18 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2015-01-27 22:18 - 2014-08-23 09:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-01-27 22:18 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-01-27 22:18 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-01-27 22:18 - 2014-06-16 09:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2015-01-27 22:18 - 2014-06-16 09:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2015-01-27 22:18 - 2014-06-16 09:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2015-01-27 22:18 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2015-01-27 22:18 - 2014-05-30 14:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-01-27 22:18 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2015-01-27 22:18 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2015-01-27 22:18 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-01-27 22:18 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-01-27 22:18 - 2014-01-28 10:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2015-01-27 22:18 - 2014-01-24 10:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2015-01-27 22:18 - 2013-11-26 19:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2015-01-27 22:18 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2015-01-27 22:18 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2015-01-27 22:18 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2015-01-27 22:18 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2015-01-27 22:18 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2015-01-27 22:18 - 2013-10-12 10:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2015-01-27 22:18 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2015-01-27 22:18 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2015-01-27 22:18 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2015-01-27 22:18 - 2013-10-04 09:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2015-01-27 22:18 - 2013-10-04 09:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2015-01-27 22:18 - 2013-08-05 09:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2015-01-27 22:18 - 2013-07-25 16:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2015-01-27 22:18 - 2013-07-12 18:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
    2015-01-27 22:18 - 2013-07-12 18:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
    2015-01-27 22:18 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-01-27 22:18 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-01-27 22:18 - 2013-04-26 12:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2015-01-27 22:18 - 2013-03-19 11:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
    2015-01-27 22:18 - 2012-11-02 13:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
    2015-01-27 22:18 - 2012-09-26 06:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
    2015-01-27 22:18 - 2012-07-05 05:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
    2015-01-27 22:18 - 2012-07-05 05:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
    2015-01-27 22:18 - 2012-07-05 05:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
    2015-01-27 22:18 - 2012-05-14 12:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2015-01-27 22:18 - 2012-05-05 15:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-27 22:18 - 2012-03-17 15:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
    2015-01-27 22:18 - 2011-12-30 13:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
    2015-01-27 22:18 - 2011-12-16 15:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
    2015-01-27 22:18 - 2011-10-26 12:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-01-27 22:18 - 2011-10-15 13:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2015-01-27 22:18 - 2011-08-17 12:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
    2015-01-27 22:18 - 2011-08-17 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
    2015-01-27 22:18 - 2011-06-15 16:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
    2015-01-27 22:18 - 2011-06-15 16:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
    2015-01-27 22:18 - 2011-05-24 18:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
    2015-01-27 22:18 - 2011-05-03 12:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2015-01-27 22:18 - 2011-04-29 10:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2015-01-27 22:18 - 2011-04-29 10:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2015-01-27 22:18 - 2011-04-29 10:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2015-01-27 22:18 - 2011-03-11 13:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
    2015-01-27 22:18 - 2011-03-11 13:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
    2015-01-27 22:18 - 2011-03-03 13:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
    2015-01-27 22:18 - 2011-03-03 13:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
    2015-01-27 22:18 - 2011-03-03 13:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
    2015-01-27 22:18 - 2011-02-18 13:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
    2015-01-27 22:18 - 2010-12-23 13:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
    2015-01-27 22:18 - 2010-12-23 13:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
    2015-01-27 22:09 - 2014-10-14 09:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-01-27 22:09 - 2014-10-14 09:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-01-27 22:09 - 2014-10-14 09:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2015-01-27 22:09 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-01-27 22:09 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-01-27 22:09 - 2014-04-12 10:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-01-27 22:09 - 2014-04-12 10:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-01-27 22:09 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-01-27 22:09 - 2014-04-12 10:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-01-27 22:09 - 2014-04-12 10:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-01-27 22:09 - 2013-07-04 20:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-01-27 22:09 - 2013-02-27 12:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-01-27 22:07 - 2014-10-03 09:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2015-01-27 22:07 - 2014-10-03 09:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2015-01-27 21:20 - 2014-05-15 00:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-01-27 21:20 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-01-27 21:20 - 2014-05-15 00:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-01-27 21:20 - 2014-05-15 00:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-01-27 21:20 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-01-27 21:20 - 2014-05-15 00:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-01-27 21:20 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-01-27 21:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-01-27 21:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-01-27 20:58 - 2015-02-19 15:29 - 00000000 ____D () C:\Users\Jared
    2015-01-27 20:58 - 2015-02-13 09:49 - 00000000 ____D () C:\Users\Jared\AppData\Local\VirtualStore
    2015-01-27 20:58 - 2015-01-27 20:58 - 00001409 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-01-27 20:58 - 2015-01-27 20:58 - 00000000 ____D () C:\Recovery
    2015-01-27 20:58 - 2009-07-14 12:42 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-27 20:58 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-26 22:44 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
    2015-02-22 04:49 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF
    2015-02-21 15:52 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
    2015-02-19 15:27 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
    2015-02-19 12:59 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-02-19 12:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
    2015-02-19 07:50 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini
    2015-02-19 07:24 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
    2015-02-19 07:16 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-02-19 06:51 - 2009-07-14 10:37 - 00000000 ____D () C:\Users\Jared\MSInfo
    2015-02-13 12:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp
    2015-02-13 12:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration
    2015-02-04 12:50 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default
    2015-02-01 15:13 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-01-30 19:23 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-30 14:42 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help
    2015-01-28 12:48 - 2009-07-14 12:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
    2015-01-28 12:48 - 2009-07-14 12:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
    2015-01-28 05:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-TW
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-HK
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-CN
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\tr-TR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\sv-SE
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ru-RU
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-PT
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-BR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pl-PL
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nl-NL
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nb-NO
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ko-KR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ja-JP
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\it-IT
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\hu-HU
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fr-FR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fi-FI
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\el-GR
    2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE
    2015-01-27 21:20 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\restore
    2015-01-27 20:58 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Recovery
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => MD5 is legit
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    ==================== BCD ================================
     
    Windows Boot Manager
    --------------------
    identifier              {bootmgr}
    device                  partition=\Device\HarddiskVolume1
    description             Windows Boot Manager
    locale                  en-US
    inherit                 {globalsettings}
    default                 {current}
    resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}
    displayorder            {current}
    toolsdisplayorder       {memdiag}
    timeout                 30
     
    Windows Boot Loader
    -------------------
    identifier              {current}
    device                  partition=C:
    path                    \Windows\system32\winload.exe
    description             Windows 7
    locale                  en-US
    inherit                 {bootloadersettings}
    recoverysequence        {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}
    recoveryenabled         Yes
    osdevice                partition=C:
    systemroot              \Windows
    resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}
    nx                      OptIn
     
    Windows Boot Loader
    -------------------
    identifier              {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}
    device                  ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}
    path                    \windows\system32\winload.exe
    description             Windows Recovery Environment
    inherit                 {bootloadersettings}
    osdevice                ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}
    systemroot              \windows
    nx                      OptIn
    winpe                   Yes
     
    Resume from Hibernate
    ---------------------
    identifier              {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}
    device                  partition=C:
    path                    \Windows\system32\winresume.exe
    description             Windows Resume Application
    locale                  en-US
    inherit                 {resumeloadersettings}
    filedevice              partition=C:
    filepath                \hiberfil.sys
    pae                     Yes
    debugoptionenabled      No
     
    Windows Memory Tester
    ---------------------
    identifier              {memdiag}
    device                  partition=\Device\HarddiskVolume1
    path                    \boot\memtest.exe
    description             Windows Memory Diagnostic
    locale                  en-US
    inherit                 {globalsettings}
    badmemoryaccess         Yes
     
    EMS Settings
    ------------
    identifier              {emssettings}
    bootems                 Yes
     
    Debugger Settings
    -----------------
    identifier              {dbgsettings}
    debugtype               Serial
    debugport               1
    baudrate                115200
     
    RAM Defects
    -----------
    identifier              {badmemory}
     
    Global Settings
    ---------------
    identifier              {globalsettings}
    inherit                 {dbgsettings}
                            {emssettings}
                            {badmemory}
     
    Boot Loader Settings
    --------------------
    identifier              {bootloadersettings}
    inherit                 {globalsettings}
                            {hypervisorsettings}
     
    Hypervisor Settings
    -------------------
    identifier              {hypervisorsettings}
    hypervisordebugtype     Serial
    hypervisordebugport     1
    hypervisorbaudrate      115200
     
    Resume Loader Settings
    ----------------------
    identifier              {resumeloadersettings}
    inherit                 {globalsettings}
     
    Device options
    --------------
    identifier              {f63aa303-a6a8-11e4-bf47-ef668ac72a3d}
    description             Ramdisk Options
    ramdisksdidevice        partition=C:
    ramdisksdipath          \Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\boot.sdi
     
     
     
    LastRegBack: 2015-02-23 10:30
     
    ==================== End Of Log ============================

    • 0

    #14
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run as Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
     
    If VEW is not working then Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Click on System.  Right click and Save All Events As.  To your desktop.  Syslog
     
    Repeat for Applications but call it AppLog.  If the file is not bigger than 2 meg you should be able to attach them on separate posts, though you will probably need to rename the extension from .evtx to .txt

    • 0
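The `[SR]` lines that the `findstr` step above collects into junk.txt can be triaged with a short script that separates files sfc repaired from files it could not. This is an added example, not part of RKinner's post: the sample lines, file names and component names are constructed, and the message phrasings the patterns match are assumed from typical sfc output.

```python
import re

# Constructed sample in the style of the [SR] lines sfc writes to CBS.log.
# File and component names are placeholders, not taken from this thread.
SAMPLE = r'''
2015-02-27 10:15:01, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2015-02-27 10:15:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2015-02-27 10:15:04, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-27 10:15:05, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2015-02-27 10:15:06, Info                  CSI    0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.exe" from store
2015-02-27 10:15:09, Info                  CSI    00000011 [SR] Verify complete
'''

# Assumed message shapes: "Cannot repair member file [..]"name" of Component, Version = x, ..., reason"
CANNOT = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" '
    r'of (?P<comp>[^,]+), Version = (?P<ver>[^,]+),'
)
# ... and "Repairing corrupted file [..]"dir"\[..]"name" from store"
REPAIRED = re.compile(r'^Repairing corrupted file .*\[[^\]]*\]"(?P<file>[^"]+)" from store$')


def triage(text):
    """Return files sfc reported as unrepairable and files it restored from the store."""
    cannot = {}      # lower-cased file name -> details (sfc logs each failure more than once)
    repaired = []    # lower-cased file names restored from the component store
    for line in text.splitlines():
        if "[SR] " not in line:
            continue                      # blank line or anything that is not an [SR] entry
        msg = line.split("[SR] ", 1)[1].strip()
        m = CANNOT.match(msg)
        if m:
            key = m.group("file").lower()  # Windows file names are case-insensitive
            entry = cannot.setdefault(key, {
                "component": m.group("comp"),
                "version": m.group("ver"),
                "reason": msg.rsplit(", ", 1)[-1],   # trailing clause, e.g. "hash mismatch"
                "count": 0,
            })
            entry["count"] += 1
            continue
        m = REPAIRED.match(msg)
        if m and m.group("file").lower() not in repaired:
            repaired.append(m.group("file").lower())
    # A file is still a problem only if no later repair-from-store entry names it.
    unrepaired = {f: d for f, d in cannot.items() if f not in repaired}
    return {"unrepaired": unrepaired, "repaired": repaired}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, d in result["unrepaired"].items():
        print(f"UNREPAIRED {name}  {d['component']} {d['version']}  ({d['reason']}, logged {d['count']}x)")
    for name in result["repaired"]:
        print(f"repaired   {name}")
```

To use it on a real capture, pass the contents of junk.txt to `triage()` instead of `SAMPLE`.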

    #15
    stanleybeast

      Member

    • Topic Starter
    • Member
    • PipPip
    • 14 posts

    Nothing happens when I hit check now. 

     

    When I click Manage it says the service cannot be started because it's disabled or because it has no enabled devices associated with it.

     

    Same with CMD.exe and msconfig. The inf file in safe mode doesn't work when booted in normal


    • 0





