[stanleybeast]

Hi 

 

I read this post you did with a guy, http://www.geekstogo...r-is-very-slow/

 

I will say first and foremost, I HOPE YOU CAN HELP ME as I have win 7 32 500gig desktop, 1600gig vista 64 bit laptop, and 200gig desktop running win 7 32 bit and all there files are kriss kross over MAINLY, the guy who is I think the one behind it(His HUGE extensive credentials are at the latter of this message.

 

 

 

I have a win 7 32 bit OEM home basic OS which when I bought it 4 yrs ago, never had the SP1 on the cd installation. Somehow, by the cd being in my cd rom, and with a 1000gig tera byte having 3 different comp back ups on it, , I THINK, my gf and her sister got a load of nasty McNASTY viruses and malware, ad-ware, Trojans from bit commit(movies) and so, unannounced to me, using it in 3 diff comp's passed around the nasty [bleep] to all 3 comps, and I believe it corrupted all 3 back up folders as after a few months, all 3 comps would be acting weird( NO event notifications anymore, seemed dcom and com+ now have way too many diff services running under it,I have a win 7 32 bit OEM home basic OS which when I bought it 4/5 yrs ago, and the genuine MS disk never had SP1 on the cd installation but does now and it was unwritable for me so that's odd..  With new OS came all self picked new hardware. 

 

1) Somehow, by the cd being in my cd rom, and also the USB external terabyte having 3 different computer folder back ups on it and anything and everything bad that p2p free sites have,  passed around the nasty stuff to all 3 comps. I believe it corrupted all 3 back up folders as after a few months, all 3 comps would be acting weird.

 

2) Noticing that folders were bloated, windows folder had way more folders and also files in that root dir which i learned is for reote accessing them if you need help, I NEVR..NO event notifications n reports anymore. Dcom and com+ now have way too many new, diff and dependant on rpcc heavily services running under it, and assembliles with msil or 86x and a low # version and a high verion of the same one plus 3rd n 4th version with random numbers and the assembly name

 

3) Programs not working or also in properties it started loosing it description info, like it had been modified to work in a stream not on my comp. Also a big variety of file versions for SP1 changed to non genune versions, 6.1.7601.17514 too 6.1.7600.13585 and more

 

5) Chrome had multi versions to run thru like an md-Dos program so it could have a long url paths leading to diff exe files,com files, dat and bat and cab files,  problem with js/java/metadata files recording every thing from typed in gmail address too yahoo mail, skype, saved docs n pics if made that day/ 40 ish keyboard KBD??.Search results in chrome were always showing odd weird url's in the top 40 results,( url's like r.blog.672j=%fcache or  all results for blogs, and forums, and virus scanner site saying everything I searched that I never saw before was a virus,or possible one or infection  which cant be...

 

6) Couldnt get updates from MS sites nor update my certs,(it would get them from a folder on my comp that was pre made to look crypto and from microsoft,  ton of active x installed, scripts stuck in long before boot mgr so if I did a new intsall it was same thing over again. 

 

7) Api down level, minor/major versions, and api core stuff, xlms schema scripts that sinks apps to a lower vulnerable version,blackbox.dll(sp2 its for, never had that) properties of any given file will have compatibility mode anything else but win 7, grayed out, as if it was run in that version) 30-40 c_ (number).

 

8) NLS files AND 30 ish Nlsdata@#$.dll files, which are all compiled together to make a cisco virtual platform, hidden from view with side gadgets I think) , google wont update,redir virus I think,  all downloaded programs auto blocked in properties as it might have come from a diff comp, // few diff odbc .dll files, ole, olea32, oleahooks, IE 11, active x scripting/ windows NT registry corrupt I think too, because a program I use a few months back allowed you to modify the win NT reg and it said entries in red are suspicious and that was at least 75% of the folders.

 

OMG!!!!!!!!!!!

 

 

I just found a site, ironically,  and the guy sounds like ME!!!!!!!!!!!!!!!!!!!!!!!!!!!! http://www.computing...nfig/34472.html

 

If you read this, this is exactly what I have been going through since june/july last yr. 

 

 

My remoter/hackers extensive IT CREDENTIALS ARE AS FOLLOWS:

 

 

 

 

I am looking for a challenging and rewarding career, a full time opportunity, where I may apply my solid experience, strong interpersonal skills, utilize my ability to work under pressure to meet projects� deadlines, establish myself as a leading IT professional. I have extensive knowledge of installing, maintaining and troubleshooting Microsoft Servers and clients, Symantec Backups, network monitoring, Cisco and Sonicwall, LAN and WAN hardware.

Experience

 

Systems Admin

* Managing a web-based VPS server running on CentOS which hosts multiple websites

* Creating and managing websites on the VPS server

* Configuring email accounts and managing disk space on the server 

* Setting up Kiosk machines and installing WAMP and other Kiosk softwares to run

* Providing support to end users, setting up their user�s profiles and outlook profiles

* Going onsite and resolving user�s issues in Barrie area

* Cloning drives using Norton Ghost and Acronis TrueImage

* Backing up data using Acronis TrueImage

 

Network Administrator

* Maintaining, supporting, and administering Windows 2003 and 2008 server environment

* Managing users, profiles, and groups through Active Directory

* Maintaining and/or replacing server hardware components

* Installing and configuring new server operating systems and patches

* Managing Watchguard firewall, upgrading firmware, defining policies and proxy rules, securing the network using web-blocker, spam-blocker and anti-virus, and enable logging

* Setup automated server backups and perform restores on demand using Symantec Backup Exec

* Managing and maintaining E-mail accounts in smartermail, and sharing contacts and other information

* Maintenance and replacement of blackberrys, Iphones, android devices and pagers

* Ensure reliable network connectivity between the print server, printers, and user workstations

* Installing and testing WSUS deploy regular updates to users

* Setup managed anti-virus solution and schedule updates and scans to user�s computers

* Managing users phones through the phone server

* Providing technology support and help desk services to end users

* Maintaining software licenses and keeping track of hardware warranty

* Ordering and keeping track of toners used by the users

 

 

IT Consultant

* Recovered the dead domain controller server and recovered all the users and settings 

* Removed the existing routers, and installed and configured new Cisco router with firewall

* Removed the old switch and installed and configured new Netgear managed switch with VLANs

* Backed up the existing domain, removed it, installed new domain with a different name, imported 

the users, and all the settings and joined the computers to the new domain

* Built Raid drives to provide redundancy to the data and secure the server

* Configured the IP phones to work on a different VLAN than the computers

* Installed network monitoring tool and setup alerts

* Managed user accounts, windows profiles and setup file sharing

* Provided support to users on other network and systems related issues

 

Desktop Support Engineer

* Created and managed virtual servers using VMware and HyperV

* Setup user accounts to access the required resources using Group Policies

* Setup watchguard firewall and added policies according to the access required

* Setup security features on firewall such as Intrusion prevention and gateway antivirus

* Created VPN access for users to connect through the watchguard firewall

* Provided consultancy and remote support to end users

* Troubleshoot issues and create service requests

* Create and manage users via Active Directory

* Install and upgrade advance applications e.g. IMIS 10 and 15

* Monitor logs and alerts to maintain system uptime

 

 

Systems Engineer

* Managed perimeter devices such as routers, firewalls and switches of all clients

* Managed backbone servers including Windows and few Linux servers

* Managed Active Directory domain and configured DC and ADC including multiple domain forest 

* Worked with Exchange servers, managed users and troubleshooted issues related to the server

* Provided consultancy and remote support to end user�s system issues to troubleshoot

* Server and work station maintenance and conducted daily data backup job

* Provided support for Blackberry, iPhone, Smartphones, Palm, etc. and manage users via BES server

* Dealt with the exchange servers and offsite email servers, mail bagging, and mailbox recovery 

* Managed firewalls for clients which included Cisco ASA and PIX firewall and Sonicwall devices

* Managed Citrix Presentation Server and XenApp and managed users and remote apps 

* Remotely connected to user�s computers via Logmein and Teamviewer and resolved issues

* Experience with Blackberry devices and Blackberry Enterprise Server.

* Work with Exchange clusters, SQL clusters, IIS, Blackberry Enterprise server, and file servers. 

* Troubleshoot local or network printing and internet issues

 

Certified Engineering Technologist

Ontario Association of Certified Engineering Technicians and Technologists (OACETT), License 873328

April 2014 � Present

CCNA (Voice)

Cisco

February 2014 � February 2017

MCSA (Windows Server 2012)

Microsoft

January 2014 � Present

MCP (Windows Server 2012)

Microsoft

December 2013 � Present

CCNA (Routing and Switching)

Cisco

March 2011 � March 2017

MCTS (Windows 7)

Microsoft

November 2010 � Present

MCSA (Windows Server 2003)

Microsoft

November 2010 � Present

 

 

 

Now, does it seem like all my issues directly coinsides with his work experience? It does right? I really need the info/proof that its him but he is way to smart for me. I cant even open anything now, like anything in %system32%, cmd, mmc, regedit, task mgr, nothing.. 

 

These are in registry that stood out from a quick browse of it....

 

sessionmanager- Dos devices ->> 

aux-> \DosDevices\Com1

MAILSLOT-> \Device\Mailslot

NULL-> \Device\Null

PIPE--> \Device\NamedPipe

PRN--> \DosDevices\LPT1

UNC--> \Device\Mup

 

session mgr\subsystems\

default --> mnmsrvc

Debug-->empty

Kmode--> \SystemRoot\System32\win32k.sys

optional--> Posix

Posix-->%SystemRoot%\system32\psxss.exe

Required--> debug windows

windows--> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 

session mgr\subsystems\CSRSS

CsrSrvSharedSectionBase --> vaslue data being 7f6f0000

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Logging\STICLI--Default -->> Still Image Client Application 

Level-->4

 

stillimage\logging\STIMON -> Default is Still Image Monitoring Process

level-4

 

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\ServerSettings ShutdownIfUnusedDelay --> 0x0000001e (30)

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StillImage\Trace

DefaultEnableObjectTracking-->0x0000001 (1)

DefaultMaxTraceArraySize-->> 0x0000000a (10)

 

Sti.DLL AND sti_ci.dll and wiaservc.dll all have enabledobjecttracking 0x0000001(1)

 

 

Also, FYI, we have a Iphone5 here and also a black berry and with our dsl package is also

our phone, and the phone is from the pad family, and it got rooted one day out of no where, shortly after my first back up restore from the terabyte for all 3 comps, and even if I did a clean install, it would still be same "false" if new install OS/make flag=os old install  bullcrap flags n scripts in before the boot mgr OR, what I think also is this guy has spot to enter blue tooth script to the comps from the wireless telpad.. I really need help to get him gone and with proof left behind it was him.. 

 

I have google drive folders with files from since june last yr, and everytime I got close to getting somewhere with it, I would wake up, turn it on and it be system restored right back, or even if I let the comp sleep, you could hear it working hard and un doing any changes I did. So my worries is, if  we're going to do this comp, I will stay at it flat out straight for the half day Runner, get it to where you know it wont system restore from a cloud service or when comp shuts down or sleeps cause I can use one of the others while we fix it. So will hit it hard now?

 

 

 

I can't run otl file Runner  because it says "the service cant be started either because  it is disabled  or because  it has no enabled  devices  associated with it.. Skype works, chrome does.. poker stars doesnt MSE is installed but cant be found though i see it in programs and features. Magicjack, net framework 4.5.2 also installed. Removed nvidia drivers as full of bad drivers. no java installed either or adobe.

 

I wait your fix on the OTL problem

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

[Advertisements]

See if you can run any of these:

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste log back here. 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

[RKinner]

See if you can run any of these:

 

 

Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

 

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

 

Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

 

 

Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

 

The report will be saved in the C:\AdwCleaner folder.

 

 

 

Junkware-Removal-Tool

 

Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

• Pause your anti-virus.  Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

 

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 

 

•  

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 

Press Scan button. 

It will produce a log called FRST.txt in the same directory the tool is run from.  

Please copy and paste log back here. 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

[stanleybeast]

Same problem again with all of them. The one tool that I had on the comp that works still is autorunsexe. I do still have the tests from ccombo fix, jrt txt, and an eset uninstaller txt  I did on the 19th if you want to see them, and also  junk txt and jumk.txt that I did on the  12th. 

Do you want me to post those and also do a autorun scan? I don't know what's on the go with this now,.

[RKinner]

Have you tried in Safe Mode with networking?

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

 

Also try otl.com and otl.scr and see if either will work.  Available on this page: 

http://www.geekstogo...timers-list-it/

 

You can also get a FRST scan if you have a USB drive:

 

http://www.geekstogo...l/#entry2151691

[stanleybeast]

I downloaded  otl, rkill, farbar recovery, minitool box, rougekiller, TFC, adwcleaner, CCleaner, JRT, Delfix, autoruns, malwarebytes anti exploit and anti rootkit, hitman pro, super anti spyware, all the exe version, 

 

hijack this.msi,

 

Downloaded them unto a usb from a different computer. I noticed when it was waiting to open the download window I saw it say " waiting on bleeping comp, than anoother  url said g.google. clickads or something and one url after that one was walkerzombie.. not sure if they are causing the downloads to not come from the site or from a cloud service, but i did click on the "download now@bleepingcompuer logo on every one. Don't bleeping computer have the downloads on a cloudfare? so they should not be contaminated right?

 

 

I don't think the safe mode option will work to solve the issue as well because I see the safe mode loading options in the registry to be modified to included drivers and services that should not be loaded. I won't plug in the usb into this computer until you give me which programs to start with first so we hit this right the first time. 

 

Also, please note, do I have to unblock these programs before I run them, under properties it says this application may come from a diff program and be blocked for your protection"... My thoughts were that if I unblock it first, this might be what the virus/hacker want so a script can be inserted right before running.. 

[RKinner]

Did you try otl.com or otl.scr?  If you have to unblock them then go ahead.  You are already infected so it's not going to bet much worse and I need at least one current scan so I can see what is going on.

 

Go ahead and post any logs you have.  Autoruns' log is usually too big for the forum so you need to zip it up and attach it.

 

The FRST scan from a USB is probably your best bet if you can create the bootable USB on a separate clean computer.

[stanleybeast]

combo fix txt would not uopload, did it manually,

 

ComboFix 15-02-16.01 - Jared 02/19/2015   7:45.2.2 - x86

Microsoft Windows 7 Home Basic   6.1.7601.1.1252.1.1033.18.3327.2417 [GMT 8:00]

Running from: c:\users\Jared\Desktop\ufcom.exe

AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\ar\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\bg\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\ca\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\cs\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\da\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\de\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\el\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\en\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\es\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\fi\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\fr\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\he\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\hr\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\hu\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\id\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\it\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\ja\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\ko\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\nb\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\nl\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\pl\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\pt_BR\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\pt_PT\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\ro\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\ru\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\sk\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\sl\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\sr\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\sv\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\te\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\tr\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\uk\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\vi\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\zh_CN\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_locales\zh_TW\messages.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_metadata\computed_hashes.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\_metadata\verified_contents.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\adblock_start_chrome.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\adblock_start_common.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\background.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\bandaids.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\button\popup.css

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\button\popup.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\button\popup.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\button\search\search.css

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\button\search\search.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\CHANGELOG.txt

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\checkupdates.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\chrome_oauth_receiver.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\chrome_oauth_receiver.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\dropbox-datastores.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\filtering\domainset.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\filtering\filternormalizer.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\filtering\filteroptions.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\filtering\filterset.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\filtering\filtertypes.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\filtering\myfilters.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\functions.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\idlehandler.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\delete.gif

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\dropbox1.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\dropbox2.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\dropbox3.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\facebook-sprite.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\gifloader.gif

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\gplus-sprite.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon128.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon16.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon16_grayscale.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\[email protected]

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon19-grayscale.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon19-whitelisted.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon19.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon24.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon32.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon38-grayscale.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon38-whitelisted.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon38.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\icon48.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\logo.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\search\check.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\search\magnifying_glass.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\search\search-engine-card_no-shadow.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\search\search-engine-icons.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\search\search-omnibox-card_no-shadow.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\search\search_engine_select_arrow.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\img\twitter-sprite.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-icons_056b93_256x240.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\images\ui-icons_d8e7f3_256x240.png

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\jquery-ui.custom.css

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\css\override-page.css

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\jquery-ui.custom.min.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\jquery.cookie.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\jquery\jquery.min.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\LICENSE

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\manifest.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\customize.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\customize.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\filters.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\filters.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\general.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\general.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\index.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\index.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\options.css

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\support.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\options\support.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\adreport.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\adreport.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\resourceblock.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\resourceblock.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\subscribe.html

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\pages\subscribe.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\port.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\README.markdown

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\focus.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\incognito.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\pitchpage.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\search-plus-one.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\secure_reminder.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\search\serp.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\stats.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\translators.json

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\blacklistui.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\clickwatcher.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\elementchain.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\overlay.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\blacklisting\rightclick_hook.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\load_jquery_ui.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\send_content_to_back.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\top_open_blacklist_ui.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\uiscripts\top_open_whitelist_ui.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.18_0\ytchannel.js

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage

c:\users\Jared\AppData\Local\Google\Chrome\User Data\Default\Preferences

c:\windows\system32\spsys.log

.

.

(((((((((((((((((((((((((   Files Created from 2015-01-18 to 2015-02-18  )))))))))))))))))))))))))))))))

.

.

2015-02-18 23:50 . 2015-02-18 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2015-02-18 22:13 . 2015-02-18 22:13 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEBD94C8-3E13-4C6B-98F5-47D546740E24}\MpKsl889ff405.sys

2015-02-17 18:11 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEBD94C8-3E13-4C6B-98F5-47D546740E24}\mpengine.dll

2015-02-16 00:37 . 2014-12-01 19:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2015-02-13 10:08 . 2015-02-13 10:08 43152 ----a-w- c:\windows\avastSS.scr

2015-02-13 09:53 . 2015-02-13 10:00 -------- d-----w- c:\programdata\AVAST Software

2015-02-13 04:32 . 2015-02-04 00:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2015-02-13 04:32 . 2015-02-04 00:27 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B0775937-AE0C-4546-88DF-3093FC19E589}\gapaengine.dll

2015-02-12 06:46 . 2015-02-12 06:46 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys

2015-02-05 12:16 . 2014-12-31 11:13 249488 ------w- c:\windows\system32\MpSigStub.exe

2015-02-04 20:57 . 2015-02-05 12:15 -------- d-----w- c:\program files\PokerStars

2015-02-04 03:53 . 2015-02-04 04:07 -------- d-----w- c:\programdata\HitmanPro

2015-02-04 00:22 . 2015-02-18 22:44 -------- d-----w- c:\program files\Microsoft Security Client

2015-02-01 06:52 . 2015-02-01 06:52 -------- d-----w- c:\programdata\CSIS

2015-01-30 22:00 . 2014-12-14 20:13 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA28A1DE-BE9D-4AA6-A0CA-8152716A2E03}\mpengine.dll

2015-01-30 13:37 . 2015-01-30 13:37 -------- d-----w- c:\programdata\magicJack

2015-01-30 07:04 . 2015-02-18 22:20 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2015-01-30 07:04 . 2015-01-30 07:04 -------- d-----w- c:\programdata\RogueKiller

2015-01-30 07:02 . 2015-01-31 09:09 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit

2015-01-30 06:53 . 2015-02-18 16:54 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin

2015-01-30 06:49 . 2015-01-30 06:49 -------- d-----w- c:\programdata\Malwarebytes

2015-01-30 06:49 . 2015-01-30 06:55 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2015-01-30 06:49 . 2015-01-30 06:49 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-01-30 06:48 . 2015-01-30 06:48 82648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2015-01-30 06:44 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2015-01-30 06:44 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2015-01-30 06:44 . 2012-08-23 14:48 221184 ----a-w- c:\windows\system32\rdpudd.dll

2015-01-30 06:44 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll

2015-01-30 06:44 . 2012-08-23 10:08 2739712 ----a-w- c:\windows\system32\rdpcorets.dll

2015-01-30 06:42 . 2014-07-02 19:42 4389848 ----a-w- c:\windows\system32\nvcpl.dll

2015-01-30 06:42 . 2014-07-02 19:42 3063256 ----a-w- c:\windows\system32\nvsvc.dll

2015-01-30 06:42 . 2014-07-02 19:42 670552 ----a-w- c:\windows\system32\nvvsvc.exe

2015-01-30 06:42 . 2014-07-02 19:42 62936 ----a-w- c:\windows\system32\nvshext.dll

2015-01-30 06:42 . 2014-07-02 19:42 377288 ----a-w- c:\windows\system32\nvmctray.dll

2015-01-30 06:42 . 2014-07-02 19:42 2556360 ----a-w- c:\windows\system32\nvsvcr.dll

2015-01-30 06:42 . 2014-08-19 14:16 61728 ----a-w- c:\windows\system32\OpenCL.dll

2015-01-30 06:42 . 2015-01-30 06:43 -------- d-----w- c:\programdata\NVIDIA Corporation

2015-01-30 06:29 . 2014-12-13 03:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe

2015-01-29 10:53 . 2015-02-04 03:42 -------- d-----w- c:\programdata\Skype

2015-01-29 10:28 . 2015-01-29 10:30 -------- d-----w- c:\program files\Google

2015-01-29 10:04 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2015-01-29 02:38 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2015-01-29 02:37 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys

2015-01-29 02:37 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys

2015-01-29 02:37 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys

2015-01-29 02:37 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys

2015-01-29 02:37 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll

2015-01-29 02:37 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe

2015-01-29 02:37 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2015-01-29 02:37 . 2014-11-22 01:48 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2015-01-29 02:36 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll

2015-01-29 02:36 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe

2015-01-29 02:36 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL

2015-01-29 02:36 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL

2015-01-29 02:36 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll

2015-01-28 04:49 . 2015-02-04 05:03 -------- d-----w- c:\windows\Panther

2015-01-27 21:25 . 2015-01-27 21:25 -------- d-s---w- c:\windows\system32\CompatTel

2015-01-27 21:25 . 2015-01-27 21:25 -------- d-----w- c:\windows\system32\appraiser

2015-01-27 19:01 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll

2015-01-27 19:01 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll

2015-01-27 19:01 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe

2015-01-27 19:01 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe

2015-01-27 19:01 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll

2015-01-27 16:28 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2015-01-27 16:27 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll

2015-01-27 15:55 . 2010-08-09 14:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin

2015-01-27 15:55 . 2015-02-18 22:47 -------- d-----w- c:\program files\NVIDIA Corporation

2015-01-27 15:33 . 2015-01-27 15:35 -------- d-----w- c:\windows\system32\MRT

2015-01-27 14:53 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2015-01-27 14:53 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2015-01-27 14:53 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2015-01-27 14:53 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2015-01-27 14:53 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll

2015-01-27 14:53 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2015-01-27 14:53 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2015-01-27 14:51 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2015-01-27 14:51 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2015-01-27 14:41 . 2015-01-27 14:41 -------- d-----w- c:\windows\Migration

2015-01-27 14:41 . 2015-01-27 14:41 -------- d-----w- c:\program files\Microsoft.NET

2015-01-27 14:38 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2015-01-27 14:38 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2015-01-27 14:29 . 2015-01-27 14:29 231424 ----a-w- c:\windows\system32\mswsock.dll

2015-01-27 14:29 . 2015-01-27 14:29 49152 ----a-w- c:\windows\system32\taskhost.exe

2015-01-27 14:26 . 2015-01-27 14:26 1505280 ----a-w- c:\windows\system32\d3d11.dll

2015-01-27 14:23 . 2014-12-04 04:38 337920 ----a-w- c:\windows\system32\generaltel.dll

2015-01-27 14:23 . 2014-12-04 04:38 610304 ----a-w- c:\windows\system32\invagent.dll

2015-01-27 14:23 . 2014-12-04 04:38 315392 ----a-w- c:\windows\system32\devinv.dll

2015-01-27 14:23 . 2014-12-04 04:38 159744 ----a-w- c:\windows\system32\aepic.dll

2015-01-27 14:23 . 2014-12-04 04:34 873984 ----a-w- c:\windows\system32\aeinv.dll

2015-01-27 14:23 . 2014-12-01 23:28 1160872 ----a-w- c:\windows\system32\aitstatic.exe

2015-01-27 14:23 . 2014-12-04 04:38 202752 ----a-w- c:\windows\system32\aepdu.dll

2015-01-27 14:21 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2015-01-27 14:20 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll

2015-01-27 14:19 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys

2015-01-27 14:18 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll

2015-01-27 14:09 . 2014-10-14 01:56 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2015-01-27 14:09 . 2014-10-14 01:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll

2015-01-27 14:09 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys

2015-01-27 14:09 . 2014-10-14 01:50 523776 ----a-w- c:\windows\system32\termsrv.dll

2015-01-27 14:09 . 2014-10-14 01:47 146432 ----a-w- c:\windows\system32\msaudite.dll

2015-01-27 14:09 . 2014-10-14 01:46 681984 ----a-w- c:\windows\system32\adtschema.dll

2015-01-27 14:09 . 2014-04-12 02:15 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2015-01-27 14:09 . 2014-04-12 02:12 15872 ----a-w- c:\windows\system32\sspisrv.dll

2015-01-27 14:09 . 2014-04-12 02:12 100352 ----a-w- c:\windows\system32\sspicli.dll

2015-01-27 14:09 . 2014-04-12 02:12 22016 ----a-w- c:\windows\system32\secur32.dll

2015-01-27 14:09 . 2014-04-12 02:11 22528 ----a-w- c:\windows\system32\lsass.exe

2015-01-27 14:09 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll

2015-01-27 14:07 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll

2015-01-27 14:07 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll

2015-01-27 14:07 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll

2015-01-27 14:07 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll

2015-01-27 14:07 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe

2015-01-27 13:20 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll

2015-01-27 13:20 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe

2015-01-27 13:20 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll

2015-01-27 13:20 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll

2015-01-27 13:20 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll

2015-01-27 13:20 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll

2015-01-27 13:20 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll

2015-01-27 13:20 . 2014-05-14 01:23 179656 ----a-w- c:\windows\system32\wuwebv.dll

2015-01-27 13:20 . 2014-05-14 01:17 33792 ----a-w- c:\windows\system32\wuapp.exe

2015-01-27 13:13 . 2015-02-04 03:42 -------- d-sh--w- c:\windows\Installer

2015-01-27 12:58 . 2015-02-13 04:21 -------- d-----w- c:\users\Jared

2015-01-27 12:58 . 2015-01-27 12:58 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]

2014-07-04 16:55 51592 ----a-w- c:\users\Jared\AppData\Roaming\mjusbsp\cdloader2.exe

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MGNWRDBQ

*NewlyCreated* - MPKSL889FF405

*NewlyCreated* - NTKFZGEB

*Deregistered* - aswHwid

*Deregistered* - aswNdisFlt

*Deregistered* - aswStm

*Deregistered* - mgnwrdbq

*Deregistered* - ntkfzgeb

*Deregistered* - TrueSight

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-02-04 00:20 1086280 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)

AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe

AddRemove-NVIDIA Drivers - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

AddRemove-NVIDIAStereo - c:\program files\NVIDIA Corporation\3D Vision\nvStInst.exe

AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision - c:\program files\NVIDIA Corporation\Installer2\installer.{E7E9AFFA-3599-48FE-80C4-88F1DE6C121C}\NVI2.DLL

AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.{E7E9AFFA-3599-48FE-80C4-88F1DE6C121C}\NVI2.DLL

AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.{E7E9AFFA-3599-48FE-80C4-88F1DE6C121C}\NVI2.DLL

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2015-02-19  07:51:20

ComboFix-quarantined-files.txt  2015-02-18 23:51

.

Pre-Run: 138,164,621,312 bytes free

Post-Run: 138,139,095,040 bytes free

.

- - End Of File - - 821940A5FCE9D2036E181A23F40CE032

A36C5E4F47E84449FF07ED3517B43A31

auto runs test is the only one that would run from the usb, same error with all the rest. JRT n combo fix tests are from the 19th

Attached Files

•  autoruns.zip   61.04KB   385 downloads
•  combo fix result.txt   33.94KB   205 downloads
•  ComboFix-quarantined-files.txt   33.85KB   192 downloads
•  JRT.txt   631bytes   154 downloads

[RKinner]

Autoruns.zip file says it is empty when I try to extract it.

 

Run Autoruns again and see if you can find these drivers or services:

 

 MGNWRDBQ

 MPKSL889FF405

 NTKFZGEB

 mgnwrdbq

ntkfzgeb

 

If you find any, uncheck them. Close Autoruns and reboot.

 

Try renaming combofix.exe to explorer.exe and see if it wants to run.

 

Can you get a boot log?

 

Follow the procedure on http://www.techrepub...lp-of-msconfig/

When you get to Step 3 Substep 2.  Copy and paste the text from Notepad into a reply.

 

(If you get a pop up just click on No Thanks I know everything)

 

[stanleybeast]

Tried renaming it, same error as before. 

 

Did not find any of those as drivers or services, just that a lot of the  drivers n services are not microsoft certified.

 

Can't open msconfig or cmd.exe or anything of that nature, same error as when trying to run any programs. I will try this in safe mode, brb

[stanleybeast]

Safe mode I was able to do frst scan.  Couldnt do combo fix as it says MS security essentials running and  search wont show it, and I did elevated cmd command to stop it, access denied, and tried it also with super admin, same thing. I disabled sure user and did frst scan. here are the results.

 

addition txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01

Ran by Jared at 2015-02-26 22:52:21

Running from E:\

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

magicJack (HKU\S-1-5-21-289597471-917399791-413522533-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)

Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-02-04 12:10 - 2015-02-19 07:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Loaded Modules (whitelisted) ==============

 

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-289597471-917399791-413522533-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: HitmanProScheduler => 2

MSCONFIG\startupreg: cdloader => "C:\Users\Jared\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-289597471-917399791-413522533-500 - Administrator - Disabled)

Guest (S-1-5-21-289597471-917399791-413522533-501 - Limited - Disabled)

Jared (S-1-5-21-289597471-917399791-413522533-1000 - Administrator - Enabled) => C:\Users\Jared

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode

.

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:06:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

 

System errors:

=============

Error: (02/26/2015 10:52:21 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

 

Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

 

Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (02/26/2015 10:44:08 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (02/26/2015 10:44:07 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (02/26/2015 10:44:02 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (02/26/2015 10:43:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 

%%1068

 

Error: (02/26/2015 10:43:59 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (02/26/2015 10:43:55 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )

Description: %%860 Real-Time Protection feature has encountered an error and failed.

 

Feature: %%834

 

Error Code: 0x8007043c

 

Error description: This service cannot be started in Safe Mode 

 

Reason: %%858

 

 

Microsoft Office Sessions:

=========================

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 0098020000002D010000

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 009120200000000000000AF000000

 

Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 0098020000002D010000

 

Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 009120200000000000000AF000000

 

Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 0098020000002D010000

 

Error: (02/26/2015 10:08:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 009120200000000000000AF000000

 

Error: (02/26/2015 10:06:10 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 0098020000002D010000

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-02-26 22:42:06.107

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:34:20.638

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:22:56.721

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:16:59.881

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:03:35.647

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 16:00:13.409

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 15:40:23.453

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 10:46:11.220

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 09:57:02.983

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 09:51:34.323

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD Athlon™ II X2 250 Processor

Percentage of memory in use: 13%

Total physical RAM: 3327.23 MB

Available physical RAM: 2888.77 MB

Total Pagefile: 6652.74 MB

Available Pagefile: 6241.75 MB

Total Virtual: 2047.88 MB

Available Virtual: 1886.9 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:146.39 GB) (Free:127.78 GB) NTFS

Drive d: (D) (Fixed) (Total:319.27 GB) (Free:318.78 GB) NTFS

Drive e: (IMATION USB) (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61A7D6A5)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 1.9 GB) (Disk ID: F20DB7B1)

Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

 

==================== End Of Log ============================

 

 

FRST txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01

Ran by Jared (administrator) on JARED-PC on 26-02-2015 22:51:41

Running from E:\

Loaded Profiles: Jared (Available profiles: Jared)

Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-289597471-917399791-413522533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

HKU\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File

 

Chrome: 

=======

CHR HomePage: Profile 2 -> hxxp://www.google.com

CHR StartupUrls: Profile 2 -> "hxxp://google.com/"

CHR DefaultSuggestURL: Profile 2 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]

CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) [File not signed]

S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]

S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]

R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) [File not signed]

S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2015-01-27] (Microsoft Corporation) [File not signed]

S2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) [File not signed]

S3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

S2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation) [File not signed]

R2 ProfSvc; C:\Windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation) [File not signed]

S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]

S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]

S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]

S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) [File not signed]

S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-12] ()

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] (Microsoft Corporation) [File not signed]

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]

S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) [File not signed]

S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]

S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49152 2013-10-02] (Microsoft Corporation) [File not signed]

S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80896 2013-07-12] (Microsoft Corporation) [File not signed]

S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) [File not signed]

S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]

R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) [File not signed]

R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) [File not signed]

R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) [File not signed]

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Jared\AppData\Local\Temp\catchme.sys [X]

S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]

 

========================== Drivers MD5 =======================

 

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC

C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\drivers\arc.sys ==> MD5 is legit

C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB

C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\drivers\disk.sys ==> MD5 is legit

C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B

C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05

C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB

C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972

C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\hitmanpro37.sys 43DC78987ECB5FD270170A0F99A61047

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit

C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E

C:\Windows\System32\Drivers\ksecpkg.sys 1E1845606C5A4579F7F3D95796CC1ED1

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit

C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\MpFilter.sys 6460D4A5C981567E74A7AC1349DE10F5

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 03F899F521D2AAED1C55008F734DF252

C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25

C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC

C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E

C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ASACPI.sys D48659BB24C48345D926ECB45C1EBDF5

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\NisDrvWFP.sys 6A83B8AF342E61DEE353BAA81F67B7DA

C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC

C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nvm62x32.sys B5E37E31C053BC9950455A257526514B

C:\Windows\System32\DRIVERS\nvlddmkm.sys B0881DDA5A8160422561FFAB7F0008B1

C:\Windows\System32\DRIVERS\nvmf6232.sys 1DE923088878B495CD4219E47BA34EB8

C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0

C:\Windows\System32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B

C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\drivers\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6

C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46

C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB

C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC

C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tdx.sys 7FE680A3DFA421C4A8E4879AE4C5AAB0

C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3

C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463

C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit

C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF

C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46

C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041

C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6

C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A

C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97

C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A

C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\drivers\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-26 22:51 - 2015-02-26 22:51 - 00000000 ____D () C:\FRST

2015-02-26 22:44 - 2015-02-26 22:51 - 00000000 ___SD () C:\32788R22FWJFW

2015-02-26 22:44 - 2015-02-26 22:51 - 00000000 ____D () C:\Qoobox

2015-02-26 22:06 - 2015-02-26 22:06 - 00062506 _____ () C:\Users\Jared\Desktop\autoruns.zip

2015-02-24 10:01 - 2015-02-24 10:01 - 02126848 _____ () C:\Users\Jared\Desktop\AdwCleaner.exe

2015-02-23 10:11 - 2015-02-23 10:11 - 06381796 _____ () C:\Users\Jared\Desktop\java scirpt funny sutfft.txt

2015-02-23 09:22 - 2015-02-23 09:23 - 00001201 _____ () C:\Users\Jared\Desktop\cmd.exe.lnk

2015-02-23 01:16 - 2015-02-23 01:16 - 00003470 _____ () C:\Users\Jared\Desktop\skype sharedxml file.txt

2015-02-22 20:51 - 2015-02-22 20:51 - 00026972 _____ () C:\Users\Jared\Desktop\geek.txt

2015-02-22 05:29 - 2015-02-22 05:29 - 00000000 ____D () C:\Users\Jared\AppData\Local\CrashDumps

2015-02-19 19:56 - 2015-02-19 19:56 - 00313903 _____ () C:\Users\Jared\Desktop\Windows6.1-KB975467-x86.msu

2015-02-19 19:56 - 2015-02-19 19:56 - 00207752 _____ () C:\Users\Jared\Desktop\Windows6.1-KB974571-x86.msu

2015-02-19 19:55 - 2015-02-19 19:57 - 16685427 _____ () C:\Users\Jared\Desktop\Windows6.1-KB974431-x86.msu

2015-02-19 19:55 - 2015-02-19 19:55 - 00188835 _____ () C:\Users\Jared\Desktop\Windows6.1-KB973525-x86.msu

2015-02-19 18:37 - 2015-02-19 18:37 - 00058016 _____ () C:\Users\Jared\AppData\Local\GDIPFONTCACHEV1.DAT

2015-02-19 17:20 - 2015-02-19 17:56 - 112270952 _____ (PokerStars) C:\Users\Jared\Desktop\PokerStarsInstall.exe

2015-02-19 15:33 - 2015-02-26 22:48 - 00004812 _____ () C:\Windows\system32\PerfStringBackup.TMP

2015-02-19 15:31 - 2015-02-26 22:10 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-19 15:31 - 2015-02-26 22:10 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-19 15:31 - 2015-02-19 15:31 - 00000552 _____ () C:\Windows\system32\spsys.log

2015-02-19 15:29 - 2015-02-26 22:42 - 00000903 _____ () C:\Windows\setupact.log

2015-02-19 15:29 - 2015-02-26 22:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-19 15:29 - 2015-02-19 15:29 - 00000020 ___SH () C:\Users\Jared\ntuser.ini

2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-19 15:28 - 2015-02-19 15:29 - 00267016 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-19 15:26 - 2015-02-19 15:26 - 00000955 _____ () C:\DelFix.txt

2015-02-19 15:26 - 2015-02-19 15:26 - 00000000 ____D () C:\Windows\ERUNT

2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\ProgramData\Skype

2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\Program Files\Skype

2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype

2015-02-19 12:34 - 2015-02-22 09:24 - 00000000 ____D () C:\Users\Jared\Desktop\COM

2015-02-19 12:21 - 2015-02-19 12:21 - 00088274 _____ () C:\Users\Jared\Documents\bookmarks_2_19_15.html

2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieUserList

2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieSiteList

2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieBrowserModeList

2015-02-19 07:20 - 2015-02-19 12:32 - 00000000 ____D () C:\Users\Jared\WORD

2015-02-19 05:37 - 2015-02-19 06:12 - 00002707 _____ () C:\Users\Jared\Downloads\~ESETUninstaller.log

2015-02-19 05:18 - 2015-02-19 05:19 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Jared\Downloads\mbar-1.08.3.1004.exe

2015-02-18 21:46 - 2015-02-18 21:46 - 00000010 _____ () C:\Users\Jared\Documents\pkr.txt

2015-02-13 22:17 - 2015-02-13 22:17 - 00000000 ____D () C:\Users\Jared\Documents\Gary R

2015-02-13 12:00 - 2015-02-13 11:59 - 00196608 _____ () C:\Users\Jared\Downloads\3D8B6B9C-0B52-4022-BD12-D8DD71DDFCCC.Diagnose.0.etl

2015-02-12 21:51 - 2015-02-12 21:51 - 00036985 _____ () C:\Users\Jared\Documents\Appointments excel file.xlsx

2015-02-12 14:46 - 2015-02-12 14:46 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys

2015-02-06 06:51 - 2015-02-06 06:51 - 00003573 _____ () C:\Users\Jared\Documents\17-things-to-expect-when-you-date-a-girl-whos-used-to-being-on-her-own.txt

2015-02-05 20:16 - 2014-12-31 19:13 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-02-05 20:04 - 2015-02-05 20:04 - 00000000 ____D () C:\Users\Jared\AppData\Local\tjnet

2015-02-05 04:57 - 2015-02-19 10:43 - 00000000 ____D () C:\Users\Jared\AppData\Local\PokerStars

2015-02-05 04:57 - 2015-02-05 20:15 - 00000000 ____D () C:\Program Files\PokerStars

2015-02-05 04:57 - 2015-02-05 04:57 - 00001913 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.lnk

2015-02-05 04:57 - 2015-02-05 04:57 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars

2015-02-04 15:31 - 2015-02-26 22:40 - 00928371 _____ () C:\Windows\WindowsUpdate.log

2015-02-04 12:58 - 2015-02-04 12:58 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-02-04 12:47 - 2015-02-04 12:50 - 00000000 ____D () C:\Windows\erdnt

2015-02-04 11:46 - 2015-02-04 11:46 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\Jared\Desktop\autoruns.exe

2015-02-04 08:22 - 2015-02-19 06:44 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-02-04 08:22 - 2015-02-19 05:30 - 00002205 _____ () C:\Windows\epplauncher.mif

2015-02-04 08:09 - 2015-02-04 08:20 - 00001770 _____ () C:\Users\Jared\Desktop\chrome - Shortcut.lnk

2015-02-01 15:18 - 2015-02-04 10:02 - 00000000 ____D () C:\Windows\pss

2015-01-30 21:37 - 2015-02-19 12:36 - 00000000 ____D () C:\ProgramData\magicJack

2015-01-30 21:36 - 2015-02-18 02:15 - 00000953 _____ () C:\Users\Jared\Desktop\magicJack.lnk

2015-01-30 21:36 - 2015-02-18 02:15 - 00000939 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk

2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\Jared\AppData\Local\magicJack

2015-01-30 21:32 - 2015-02-18 02:15 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\mjusbsp

2015-01-30 15:04 - 2015-02-19 06:20 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-30 14:49 - 2015-01-30 14:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-30 14:48 - 2015-01-30 14:48 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-30 14:44 - 2012-08-23 22:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-01-30 14:44 - 2012-08-23 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2015-01-30 14:44 - 2012-08-23 21:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-01-30 14:44 - 2012-08-23 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2015-01-30 14:44 - 2012-08-23 18:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-01-30 14:43 - 2015-01-30 14:43 - 00000000 ____D () C:\OETemp

2015-01-30 14:43 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2015-01-30 14:43 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-01-30 14:43 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-01-30 14:43 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2015-01-30 14:43 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2015-01-30 14:43 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2015-01-30 14:43 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2015-01-30 14:43 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2015-01-30 14:43 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-30 14:43 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2015-01-30 14:43 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2015-01-30 14:43 - 2013-10-02 04:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-01-30 14:42 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2015-01-30 14:42 - 2014-07-03 03:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2015-01-30 14:42 - 2014-07-03 03:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2015-01-30 14:42 - 2014-07-03 03:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2015-01-30 14:29 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-01-29 18:53 - 2015-02-23 01:16 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Skype

2015-01-29 18:53 - 2015-02-19 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-01-29 18:53 - 2015-02-07 04:44 - 00000000 ____D () C:\Users\Jared\AppData\Local\Skype

2015-01-29 18:53 - 2015-02-04 11:42 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk

2015-01-29 18:50 - 2015-01-30 22:35 - 00001141 _____ () C:\Users\Jared\Desktop\Downloads - Shortcut.lnk

2015-01-29 18:30 - 2015-01-29 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-29 18:28 - 2015-01-29 18:30 - 00000000 ____D () C:\Users\Jared\AppData\Local\Google

2015-01-29 18:28 - 2015-01-29 18:30 - 00000000 ____D () C:\Program Files\Google

2015-01-29 18:04 - 2012-02-11 13:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe

2015-01-29 10:38 - 2014-06-27 09:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2015-01-29 10:37 - 2014-11-22 09:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-01-29 10:37 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-01-29 10:37 - 2011-03-11 13:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys

2015-01-29 10:37 - 2011-03-11 13:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys

2015-01-29 10:37 - 2011-03-11 13:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys

2015-01-29 10:37 - 2011-03-11 13:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys

2015-01-29 10:37 - 2011-03-11 13:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll

2015-01-29 10:37 - 2011-03-11 13:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe

2015-01-29 10:37 - 2011-03-11 12:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2015-01-29 10:36 - 2014-07-09 06:30 - 00419992 _____ () C:\Windows\system32\locale.nls

2015-01-29 10:36 - 2014-06-24 10:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2015-01-29 10:36 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2015-01-29 10:36 - 2011-02-25 13:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2015-01-28 12:49 - 2015-02-04 13:03 - 00000000 ____D () C:\Windows\Panther

2015-01-28 05:25 - 2015-01-28 05:25 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-01-28 05:25 - 2015-01-28 05:25 - 00000000 ____D () C:\Windows\system32\appraiser

2015-01-28 03:01 - 2014-10-18 09:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-01-28 03:01 - 2014-07-07 09:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-01-28 03:01 - 2014-07-07 09:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-01-28 03:01 - 2014-07-07 09:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-01-28 03:01 - 2014-07-07 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-01-28 01:36 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\Jared\AppData\Local\Apps\2.0

2015-01-28 00:28 - 2014-11-11 10:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-01-28 00:27 - 2013-04-10 07:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-01-28 00:21 - 2015-01-28 00:21 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Adobe

2015-01-27 23:55 - 2015-02-19 06:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-01-27 23:55 - 2010-08-09 22:33 - 00011164 _____ () C:\Windows\system32\Drivers\nvphy.bin

2015-01-27 23:33 - 2015-01-27 23:35 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-27 22:53 - 2012-07-26 11:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe

2015-01-27 22:53 - 2012-07-26 11:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll

2015-01-27 22:53 - 2012-07-26 11:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll

2015-01-27 22:53 - 2012-07-26 11:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll

2015-01-27 22:53 - 2012-07-26 11:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll

2015-01-27 22:53 - 2012-07-26 10:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys

2015-01-27 22:53 - 2012-07-26 10:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys

2015-01-27 22:53 - 2012-06-02 22:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2015-01-27 22:51 - 2012-03-01 13:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys

2015-01-27 22:51 - 2012-03-01 13:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll

2015-01-27 22:41 - 2015-01-27 22:41 - 00000000 ____D () C:\Program Files\Microsoft.NET

2015-01-27 22:38 - 2013-05-10 12:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-01-27 22:38 - 2013-05-10 12:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-01-27 22:30 - 2015-01-27 22:30 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-01-27 22:30 - 2015-01-27 22:30 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2015-01-27 22:30 - 2015-01-27 22:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-01-27 22:30 - 2015-01-27 22:30 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2015-01-27 22:30 - 2015-01-27 22:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-01-27 22:29 - 2015-01-27 22:29 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2015-01-27 22:29 - 2015-01-27 22:29 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe

2015-01-27 22:28 - 2015-01-27 22:28 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2015-01-27 22:26 - 2015-01-27 22:26 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-01-27 22:23 - 2014-12-04 12:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-01-27 22:23 - 2014-12-02 07:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2015-01-27 22:22 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2015-01-27 22:22 - 2014-07-17 09:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2015-01-27 22:22 - 2014-07-17 09:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2015-01-27 22:22 - 2014-07-17 09:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2015-01-27 22:22 - 2014-07-17 09:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2015-01-27 22:22 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2015-01-27 22:22 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2015-01-27 22:22 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2015-01-27 22:22 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2015-01-27 22:22 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2015-01-27 22:22 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2015-01-27 22:22 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2015-01-27 22:22 - 2013-05-13 11:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe

2015-01-27 22:22 - 2013-05-13 11:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll

2015-01-27 22:22 - 2012-04-26 12:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll

2015-01-27 22:22 - 2012-04-26 12:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe

2015-01-27 22:22 - 2011-07-09 10:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-01-27 22:22 - 2011-04-27 10:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-01-27 22:22 - 2011-04-27 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-01-27 22:21 - 2014-12-19 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-27 22:21 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-01-27 22:21 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-27 22:21 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-01-27 22:21 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-01-27 22:21 - 2014-08-01 19:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2015-01-27 22:21 - 2014-07-14 09:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-01-27 22:21 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2015-01-27 22:21 - 2013-07-09 12:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-01-27 22:21 - 2013-06-06 12:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-01-27 22:21 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-01-27 22:21 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-01-27 22:21 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-01-27 22:21 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-01-27 22:21 - 2012-12-07 20:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll

2015-01-27 22:21 - 2012-12-07 20:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll

2015-01-27 22:21 - 2012-12-07 18:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs

2015-01-27 22:21 - 2012-10-10 01:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll

2015-01-27 22:21 - 2012-10-10 01:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll

2015-01-27 22:21 - 2012-08-22 04:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe

2015-01-27 22:21 - 2012-06-06 13:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll

2015-01-27 22:21 - 2011-04-09 13:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2015-01-27 22:20 - 2014-12-19 09:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-27 22:20 - 2014-12-06 11:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-27 22:20 - 2014-11-11 09:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-01-27 22:20 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2015-01-27 22:20 - 2014-06-25 09:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-01-27 22:20 - 2014-06-03 17:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2015-01-27 22:20 - 2014-06-03 17:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-01-27 22:20 - 2014-06-03 17:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2015-01-27 22:20 - 2014-03-04 17:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-01-27 22:20 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-01-27 22:20 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2015-01-27 22:20 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2015-01-27 22:20 - 2013-08-02 09:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-01-27 22:20 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-01-27 22:20 - 2013-07-09 12:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-01-27 22:20 - 2013-07-09 12:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-01-27 22:20 - 2013-05-10 11:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll

2015-01-27 22:20 - 2012-10-04 00:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll

2015-01-27 22:20 - 2012-10-03 23:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys

2015-01-27 22:20 - 2012-08-23 01:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2015-01-27 22:20 - 2012-07-05 03:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys

2015-01-27 22:20 - 2012-01-04 16:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll

2015-01-27 22:20 - 2011-11-17 13:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll

2015-01-27 22:20 - 2011-08-27 12:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll

2015-01-27 22:19 - 2014-11-08 10:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-01-27 22:19 - 2014-10-30 09:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2015-01-27 22:19 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2015-01-27 22:19 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-01-27 22:19 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2015-01-27 22:19 - 2014-10-10 08:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-01-27 22:19 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2015-01-27 22:19 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2015-01-27 22:19 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2015-01-27 22:19 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2015-01-27 22:19 - 2014-02-04 10:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2015-01-27 22:19 - 2014-02-04 10:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2015-01-27 22:19 - 2014-02-04 10:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2015-01-27 22:19 - 2014-02-04 10:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2015-01-27 22:19 - 2014-01-29 10:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2015-01-27 22:19 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2015-01-27 22:19 - 2013-08-28 08:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2015-01-27 22:19 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-01-27 22:19 - 2013-07-03 11:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2015-01-27 22:19 - 2013-07-03 11:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2015-01-27 22:19 - 2013-06-26 06:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2015-01-27 22:19 - 2013-02-12 11:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

2015-01-27 22:19 - 2013-01-24 12:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

2015-01-27 22:19 - 2012-11-29 06:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys

2015-01-27 22:19 - 2012-11-29 06:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll

2015-01-27 22:19 - 2012-11-29 06:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2015-01-27 22:19 - 2011-06-16 12:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll

2015-01-27 22:19 - 2011-05-04 12:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2015-01-27 22:19 - 2011-05-04 12:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2015-01-27 22:19 - 2011-05-04 12:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2015-01-27 22:19 - 2011-05-04 12:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2015-01-27 22:19 - 2011-02-23 12:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys

2015-01-27 22:19 - 2010-12-23 13:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-01-27 22:18 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-01-27 22:18 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2015-01-27 22:18 - 2014-08-23 09:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-01-27 22:18 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-01-27 22:18 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-01-27 22:18 - 2014-06-16 09:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2015-01-27 22:18 - 2014-06-16 09:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2015-01-27 22:18 - 2014-06-16 09:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2015-01-27 22:18 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2015-01-27 22:18 - 2014-05-30 14:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2015-01-27 22:18 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2015-01-27 22:18 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2015-01-27 22:18 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-01-27 22:18 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2015-01-27 22:18 - 2014-01-28 10:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2015-01-27 22:18 - 2014-01-24 10:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2015-01-27 22:18 - 2013-11-26 19:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2015-01-27 22:18 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2015-01-27 22:18 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2015-01-27 22:18 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2015-01-27 22:18 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2015-01-27 22:18 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2015-01-27 22:18 - 2013-10-12 10:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2015-01-27 22:18 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2015-01-27 22:18 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2015-01-27 22:18 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2015-01-27 22:18 - 2013-10-04 09:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2015-01-27 22:18 - 2013-10-04 09:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2015-01-27 22:18 - 2013-08-05 09:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2015-01-27 22:18 - 2013-07-25 16:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2015-01-27 22:18 - 2013-07-12 18:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2015-01-27 22:18 - 2013-07-12 18:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2015-01-27 22:18 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2015-01-27 22:18 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2015-01-27 22:18 - 2013-04-26 12:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2015-01-27 22:18 - 2013-03-19 11:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll

2015-01-27 22:18 - 2012-11-02 13:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll

2015-01-27 22:18 - 2012-09-26 06:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll

2015-01-27 22:18 - 2012-07-05 05:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll

2015-01-27 22:18 - 2012-07-05 05:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll

2015-01-27 22:18 - 2012-07-05 05:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll

2015-01-27 22:18 - 2012-05-14 12:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2015-01-27 22:18 - 2012-05-05 15:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-27 22:18 - 2012-03-17 15:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys

2015-01-27 22:18 - 2011-12-30 13:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl

2015-01-27 22:18 - 2011-12-16 15:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll

2015-01-27 22:18 - 2011-10-26 12:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-01-27 22:18 - 2011-10-15 13:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll

2015-01-27 22:18 - 2011-08-17 12:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll

2015-01-27 22:18 - 2011-08-17 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax

2015-01-27 22:18 - 2011-06-15 16:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll

2015-01-27 22:18 - 2011-05-24 18:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll

2015-01-27 22:18 - 2011-05-03 12:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-01-27 22:18 - 2011-04-29 10:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2015-01-27 22:18 - 2011-04-29 10:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2015-01-27 22:18 - 2011-04-29 10:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2015-01-27 22:18 - 2011-03-11 13:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll

2015-01-27 22:18 - 2011-03-11 13:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll

2015-01-27 22:18 - 2011-03-03 13:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll

2015-01-27 22:18 - 2011-03-03 13:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

2015-01-27 22:18 - 2011-03-03 13:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe

2015-01-27 22:18 - 2011-02-18 13:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe

2015-01-27 22:18 - 2010-12-23 13:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll

2015-01-27 22:18 - 2010-12-23 13:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax

2015-01-27 22:09 - 2014-10-14 09:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-01-27 22:09 - 2014-10-14 09:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-01-27 22:09 - 2014-10-14 09:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2015-01-27 22:09 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-01-27 22:09 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-01-27 22:09 - 2014-04-12 10:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-01-27 22:09 - 2014-04-12 10:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-01-27 22:09 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-01-27 22:09 - 2014-04-12 10:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-01-27 22:09 - 2014-04-12 10:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-01-27 22:09 - 2013-07-04 20:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-01-27 22:09 - 2013-02-27 12:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2015-01-27 22:07 - 2014-10-03 09:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2015-01-27 21:20 - 2014-05-15 00:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-01-27 21:20 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-01-27 21:20 - 2014-05-15 00:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-01-27 21:20 - 2014-05-15 00:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-01-27 21:20 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-01-27 21:20 - 2014-05-15 00:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-01-27 21:20 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-01-27 21:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-01-27 21:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-01-27 20:58 - 2015-02-19 15:29 - 00000000 ____D () C:\Users\Jared

2015-01-27 20:58 - 2015-02-13 09:49 - 00000000 ____D () C:\Users\Jared\AppData\Local\VirtualStore

2015-01-27 20:58 - 2015-01-27 20:58 - 00001409 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-27 20:58 - 2015-01-27 20:58 - 00000000 ____D () C:\Recovery

2015-01-27 20:58 - 2009-07-14 12:42 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-01-27 20:58 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-26 22:44 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public

2015-02-22 04:49 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-21 15:52 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache

2015-02-19 15:27 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool

2015-02-19 12:59 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-19 12:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2015-02-19 07:50 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini

2015-02-19 07:24 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2015-02-19 07:16 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender

2015-02-19 06:51 - 2009-07-14 10:37 - 00000000 ____D () C:\Users\Jared\MSInfo

2015-02-13 12:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp

2015-02-13 12:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration

2015-02-04 12:50 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default

2015-02-01 15:13 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2015-01-30 19:23 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-01-30 14:42 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help

2015-01-28 12:48 - 2009-07-14 12:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG

2015-01-28 12:48 - 2009-07-14 12:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template

2015-01-28 05:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-TW

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-HK

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-CN

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\tr-TR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\sv-SE

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ru-RU

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-PT

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-BR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pl-PL

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nl-NL

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nb-NO

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ko-KR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ja-JP

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\it-IT

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\hu-HU

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fr-FR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fi-FI

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\el-GR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE

2015-01-27 21:20 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\restore

2015-01-27 20:58 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Recovery

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== BCD ================================

 

Windows Boot Manager

--------------------

identifier              {bootmgr}

device                  partition=\Device\HarddiskVolume1

description             Windows Boot Manager

locale                  en-US

inherit                 {globalsettings}

default                 {current}

resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}

displayorder            {current}

toolsdisplayorder       {memdiag}

timeout                 30

 

Windows Boot Loader

-------------------

identifier              {current}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  en-US

inherit                 {bootloadersettings}

recoverysequence        {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}

recoveryenabled         Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}

nx                      OptIn

 

Windows Boot Loader

-------------------

identifier              {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}

device                  ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}

systemroot              \windows

nx                      OptIn

winpe                   Yes

 

Resume from Hibernate

---------------------

identifier              {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

pae                     Yes

debugoptionenabled      No

 

Windows Memory Tester

---------------------

identifier              {memdiag}

device                  partition=\Device\HarddiskVolume1

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  en-US

inherit                 {globalsettings}

badmemoryaccess         Yes

 

EMS Settings

------------

identifier              {emssettings}

bootems                 Yes

 

Debugger Settings

-----------------

identifier              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200

 

RAM Defects

-----------

identifier              {badmemory}

 

Global Settings

---------------

identifier              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}

 

Boot Loader Settings

--------------------

identifier              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}

 

Hypervisor Settings

-------------------

identifier              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200

 

Resume Loader Settings

----------------------

identifier              {resumeloadersettings}

inherit                 {globalsettings}

 

Device options

--------------

identifier              {f63aa303-a6a8-11e4-bf47-ef668ac72a3d}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\boot.sdi

 

 

 

LastRegBack: 2015-02-23 10:30

 

==================== End Of Log ============================

[RKinner]

Copy the following text:

 

[Version]
Signature="$Chicago$"
Provider=Symantec


[DefaultInstall]
AddReg=UnhookRegKey


[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0

Open notepad, paste the text into notepad.  File, Save As, to your desktop, call it "fix.inf"  Save.  Note You must use the quotes or notepad will give you a .txt extension which won't work.

 

Close notepad and find fix.inf on your desktop.  Right click on it and select Install.  This may help with your exe files not working.

 

IF safe mode and/or the above do not help then you really need to follow the instructions here:

 

http://www.geekstogo...l/#entry2151691

 

This will give me a FRST scan log which should tell us what is going on.  This bypasses most of Windows so should work.  If you still can't get it to work then try the AVG Rescue CD:

 

http://www.geekstogo...l/#entry1913777

[RKinner]

Your FRST scan looks empty.  Have you turned off a lot of stuff in Autoruns?  

 

Can you use Autoruns to uncheck these two:

 

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

 and reboot.

That should stop MSE.  If not we can use FRST to pull it out by the roots.

[stanleybeast]

I didnt touch anythig in the autorun tests. Just let it run. I was able to do the inf file in safe mode, it still didnt change the error we're having.

 

I was able to run though rouge killer in admin and also frst, here are the results. combo fix I didnt run and check if the unchecking of those 2 services in autoruns actually worked  as I wanted you to have rthese results first. I also didnt remove anything with rouge killer, just ran it and saved report and exited it. 

 

Rouge killer result

 

RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.co...es/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Safe mode

User : Jared [Administrator]

Mode : Scan -- Date : 02/27/2015  00:04:01

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 12 ¤¤¤

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Jared\AppData\Local\Temp\catchme.sys) -> Found

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Jared\AppData\Local\Temp\catchme.sys) -> Found

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Jared\AppData\Local\Temp\catchme.sys) -> Found

[PUM.Policies] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found

[PUM.StartMenu] HKEY_USERS\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKX-001CA SCSI Disk Device +++++

--- User ---

[MBR] 06b716690cf970fd175effefaf069c67

[BSP] 050619420d09ead711c1d17073120430 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 149900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307202048 | Size: 326937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

Error reading LL2 MBR! ([1] Incorrect function. )

 

+++++ PhysicalDrive1: Imation Imation USB USB Device +++++

--- User ---

[MBR] 59e5e4021929d32e53904858ad7209e1

[BSP] 872a9a4900dc5d4b5680dc2e24b87c2f : Unknown MBR Code

Partition table:

0 - [XXXXXX] FAT16-LBA (0xe) [VISIBLE] Offset (sectors): 8064 | Size: 1907 MB

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )

 

 

 

 

addition txt result

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01

Ran by Jared at 2015-02-26 23:59:34

Running from E:\

Boot Mode: Safe Mode (minimal)

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}

AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

magicJack (HKU\S-1-5-21-289597471-917399791-413522533-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)

PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)

Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

21-02-2015 15:52:35 Scheduled Checkpoint

22-02-2015 15:27:49 Windows Update

26-02-2015 15:41:33 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2015-02-04 12:10 - 2015-02-19 07:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {2375F586-1009-41FB-B54E-30D8AF2B781D} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

 

==================== Loaded Modules (whitelisted) ==============

 

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-289597471-917399791-413522533-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: Media is not connected to internet.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: HitmanProScheduler => 2

MSCONFIG\startupreg: cdloader => "C:\Users\Jared\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-289597471-917399791-413522533-500 - Administrator - Disabled)

Guest (S-1-5-21-289597471-917399791-413522533-501 - Limited - Disabled)

Jared (S-1-5-21-289597471-917399791-413522533-1000 - Administrator - Enabled) => C:\Users\Jared

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/26/2015 11:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode

.

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

 

 

System errors:

=============

Error: (02/26/2015 11:57:35 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

 

Error: (02/26/2015 11:57:35 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error: (02/26/2015 11:57:34 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

 

Error: (02/26/2015 11:57:34 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

 

Error: (02/26/2015 11:57:33 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error: (02/26/2015 11:57:27 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

 

Error: (02/26/2015 11:57:20 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )

Description: %%860 Real-Time Protection feature has encountered an error and failed.

 

Feature: %%834

 

Error Code: 0x8007043c

 

Error description: This service cannot be started in Safe Mode 

 

Reason: %%858

 

Error: (02/26/2015 11:57:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: The following boot-start or system-start driver(s) failed to load: 

AFD

cdrom

DfsC

discache

ESProtectionDriver

MpFilter

NetBIOS

NetBT

nsiproxy

PEAUTH

Psched

rdbss

spldr

tdx

Wanarpv6

WfpLwf

ws2ifsl

 

Error: (02/26/2015 11:57:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The WinDefend service terminated with the following error: 

%%126

 

Error: (02/26/2015 11:57:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: 

%%31

 

 

Microsoft Office Sessions:

=========================

Error: (02/26/2015 11:59:03 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 0098020000002D010000

 

Error: (02/26/2015 11:01:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 009120200000000000000AF000000

 

Error: (02/26/2015 10:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 8193) (User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:52:21 PM) (Source: VSS) (EventID: 18) (User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

 

 

Operation:

   Instantiating VSS server

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 0098020000002D010000

 

Error: (02/26/2015 10:48:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 009120200000000000000AF000000

 

Error: (02/26/2015 10:45:39 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (02/26/2015 10:35:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)

Description: 0098020000002D010000

 

 

CodeIntegrity Errors:

===================================

  Date: 2015-02-26 23:53:42.111

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:57:02.340

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:42:06.107

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:34:20.638

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:22:56.721

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:16:59.881

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 22:03:35.647

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 16:00:13.409

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-26 15:40:23.453

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-02-24 10:46:11.220

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: AMD Athlon™ II X2 250 Processor

Percentage of memory in use: 18%

Total physical RAM: 3327.23 MB

Available physical RAM: 2711.59 MB

Total Pagefile: 6652.74 MB

Available Pagefile: 6062.31 MB

Total Virtual: 2047.88 MB

Available Virtual: 1921.19 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:146.39 GB) (Free:127.78 GB) NTFS

Drive d: (D) (Fixed) (Total:319.27 GB) (Free:318.78 GB) NTFS

Drive e: (IMATION USB) (Removable) (Total:1.86 GB) (Free:1.78 GB) FAT

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61A7D6A5)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 1.9 GB) (Disk ID: F20DB7B1)

Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)

 

==================== End Of Log ============================

 

 

frst txt results

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01

Ran by Jared (administrator) on JARED-PC on 26-02-2015 23:59:12

Running from E:\

Loaded Profiles: Jared (Available profiles: Jared)

Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Safe Mode (minimal)

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\RunOnce: [GrpConv] => grpconv -o

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-289597471-917399791-413522533-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

HKU\S-1-5-21-289597471-917399791-413522533-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File

 

Chrome: 

=======

CHR HomePage: Profile 2 -> hxxp://www.google.com

CHR StartupUrls: Profile 2 -> "hxxp://google.com/"

CHR DefaultSuggestURL: Profile 2 -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-19]

CHR Extension: (Google Wallet) - C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-19]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 Appinfo; C:\Windows\System32\appinfo.dll [47104 2013-02-27] (Microsoft Corporation) [File not signed]

S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]

S2 Audiosrv; C:\Windows\System32\Audiosrv.dll [475136 2014-10-03] (Microsoft Corporation) [File not signed]

R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) [File not signed]

S3 EFS; C:\Windows\System32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [102912 2015-01-27] (Microsoft Corporation) [File not signed]

S2 IKEEXT; C:\Windows\System32\ikeext.dll [679424 2013-10-12] (Microsoft Corporation) [File not signed]

S3 KeyIso; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

R4 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)

S3 Netlogon; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S4 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

S2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2014-12-06] (Microsoft Corporation) [File not signed]

R2 ProfSvc; C:\Windows\system32\profsvc.dll [164864 2014-12-19] (Microsoft Corporation) [File not signed]

S3 ProtectedStorage; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S2 SamSs; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 TermService; C:\Windows\System32\termsrv.dll [523776 2014-10-14] (Microsoft Corporation) [File not signed]

S3 VaultSvc; C:\Windows\system32\lsass.exe [22528 2014-04-12] (Microsoft Corporation) [File not signed]

S3 WebClient; C:\Windows\System32\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]

S3 WinRM; C:\Windows\system32\WsmSvc.dll [1177088 2014-10-03] (Microsoft Corporation) [File not signed]

S3 WwanSvc; C:\Windows\System32\wwansvc.dll [185344 2014-01-28] (Microsoft Corporation) [File not signed]

S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2014-05-30] (Microsoft Corporation) [File not signed]

S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-12] ()

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [116224 2014-12-19] (Microsoft Corporation) [File not signed]

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()

S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [184320 2014-07-17] (Microsoft Corporation) [File not signed]

S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2014-11-11] (Microsoft Corporation) [File not signed]

S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2014-07-17] (Microsoft Corporation) [File not signed]

S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49152 2013-10-02] (Microsoft Corporation) [File not signed]

S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [80896 2013-07-12] (Microsoft Corporation) [File not signed]

S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [76288 2013-11-27] (Microsoft Corporation) [File not signed]

S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] (Microsoft Corporation) [File not signed]

R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] (Microsoft Corporation) [File not signed]

R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] (Microsoft Corporation) [File not signed]

R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [20480 2013-11-27] (Microsoft Corporation) [File not signed]

U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)

S3 catchme; \??\C:\Users\Jared\AppData\Local\Temp\catchme.sys [X]

S1 ESProtectionDriver; \??\C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [X]

 

========================== Drivers MD5 =======================

 

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys D0B388DA1D111A34366E04EB4A5DD156

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC

C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\drivers\arc.sys ==> MD5 is legit

C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB

C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\drivers\disk.sys ==> MD5 is legit

C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B

C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit

C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05

C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB

C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972

C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\hitmanpro37.sys 43DC78987ECB5FD270170A0F99A61047

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit

C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 4120DA10AA42A9996F4575DB9E3E6E6E

C:\Windows\System32\Drivers\ksecpkg.sys 1E1845606C5A4579F7F3D95796CC1ED1

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit

C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\MpFilter.sys 6460D4A5C981567E74A7AC1349DE10F5

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 03F899F521D2AAED1C55008F734DF252

C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25

C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC

C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E

C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ASACPI.sys D48659BB24C48345D926ECB45C1EBDF5

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\NisDrvWFP.sys 6A83B8AF342E61DEE353BAA81F67B7DA

C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC

C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nvm62x32.sys B5E37E31C053BC9950455A257526514B

C:\Windows\System32\DRIVERS\nvlddmkm.sys B0881DDA5A8160422561FFAB7F0008B1

C:\Windows\System32\DRIVERS\nvmf6232.sys 1DE923088878B495CD4219E47BA34EB8

C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0

C:\Windows\System32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B

C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\drivers\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6

C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit

C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit

C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46

C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB

C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC

C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit

C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B

C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tdx.sys 7FE680A3DFA421C4A8E4879AE4C5AAB0

C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3

C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463

C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit

C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF

C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46

C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041

C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6

C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A

C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97

C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A

C:\Windows\system32\drivers\usbuhci.sys ==> MD5 is legit

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\drivers\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-26 22:54 - 2015-02-26 22:54 - 00000000 ____D () C:\Users\Jared\Desktop\Scans

2015-02-26 22:51 - 2015-02-26 23:59 - 00000000 ____D () C:\FRST

2015-02-26 22:44 - 2015-02-26 22:51 - 00000000 ___SD () C:\32788R22FWJFW

2015-02-26 22:44 - 2015-02-26 22:51 - 00000000 ____D () C:\Qoobox

2015-02-26 22:06 - 2015-02-26 22:06 - 00062506 _____ () C:\Users\Jared\Desktop\autoruns.zip

2015-02-24 10:01 - 2015-02-24 10:01 - 02126848 _____ () C:\Users\Jared\Desktop\AdwCleaner.exe

2015-02-23 10:11 - 2015-02-23 10:11 - 06381796 _____ () C:\Users\Jared\Desktop\java scirpt funny sutfft.txt

2015-02-23 09:22 - 2015-02-23 09:23 - 00001201 _____ () C:\Users\Jared\Desktop\cmd.exe.lnk

2015-02-23 01:16 - 2015-02-23 01:16 - 00003470 _____ () C:\Users\Jared\Desktop\skype sharedxml file.txt

2015-02-22 20:51 - 2015-02-22 20:51 - 00026972 _____ () C:\Users\Jared\Desktop\geek.txt

2015-02-22 05:29 - 2015-02-22 05:29 - 00000000 ____D () C:\Users\Jared\AppData\Local\CrashDumps

2015-02-19 18:37 - 2015-02-19 18:37 - 00058016 _____ () C:\Users\Jared\AppData\Local\GDIPFONTCACHEV1.DAT

2015-02-19 17:20 - 2015-02-19 17:56 - 112270952 _____ (PokerStars) C:\Users\Jared\Desktop\PokerStarsInstall.exe

2015-02-19 15:33 - 2015-02-26 23:01 - 00004812 _____ () C:\Windows\system32\PerfStringBackup.TMP

2015-02-19 15:31 - 2015-02-26 23:04 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-19 15:31 - 2015-02-26 23:04 - 00006400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-19 15:31 - 2015-02-19 15:31 - 00000552 _____ () C:\Windows\system32\spsys.log

2015-02-19 15:29 - 2015-02-26 22:57 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-19 15:29 - 2015-02-26 22:56 - 00000959 _____ () C:\Windows\setupact.log

2015-02-19 15:29 - 2015-02-19 15:29 - 00000020 ___SH () C:\Users\Jared\ntuser.ini

2015-02-19 15:29 - 2015-02-19 15:29 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-19 15:28 - 2015-02-19 15:29 - 00267016 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-19 15:26 - 2015-02-19 15:26 - 00000955 _____ () C:\DelFix.txt

2015-02-19 15:26 - 2015-02-19 15:26 - 00000000 ____D () C:\Windows\ERUNT

2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\ProgramData\Skype

2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\Program Files\Skype

2015-02-19 14:11 - 2015-02-19 14:11 - 00000000 ____D () C:\Program Files\Common Files\Skype

2015-02-19 12:34 - 2015-02-26 22:57 - 00000000 ____D () C:\Users\Jared\Desktop\COM

2015-02-19 12:21 - 2015-02-19 12:21 - 00088274 _____ () C:\Users\Jared\Documents\bookmarks_2_19_15.html

2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieUserList

2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieSiteList

2015-02-19 10:41 - 2015-02-22 05:25 - 00000000 __SHD () C:\Users\Jared\AppData\Local\EmieBrowserModeList

2015-02-19 07:20 - 2015-02-19 12:32 - 00000000 ____D () C:\Users\Jared\WORD

2015-02-19 05:37 - 2015-02-19 06:12 - 00002707 _____ () C:\Users\Jared\Downloads\~ESETUninstaller.log

2015-02-19 05:18 - 2015-02-19 05:19 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Jared\Downloads\mbar-1.08.3.1004.exe

2015-02-18 21:46 - 2015-02-18 21:46 - 00000010 _____ () C:\Users\Jared\Documents\pkr.txt

2015-02-13 22:17 - 2015-02-13 22:17 - 00000000 ____D () C:\Users\Jared\Documents\Gary R

2015-02-13 12:00 - 2015-02-13 11:59 - 00196608 _____ () C:\Users\Jared\Downloads\3D8B6B9C-0B52-4022-BD12-D8DD71DDFCCC.Diagnose.0.etl

2015-02-12 21:51 - 2015-02-12 21:51 - 00036985 _____ () C:\Users\Jared\Documents\Appointments excel file.xlsx

2015-02-12 14:46 - 2015-02-12 14:46 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys

2015-02-06 06:51 - 2015-02-06 06:51 - 00003573 _____ () C:\Users\Jared\Documents\17-things-to-expect-when-you-date-a-girl-whos-used-to-being-on-her-own.txt

2015-02-05 20:16 - 2014-12-31 19:13 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-02-05 20:04 - 2015-02-05 20:04 - 00000000 ____D () C:\Users\Jared\AppData\Local\tjnet

2015-02-05 04:57 - 2015-02-19 10:43 - 00000000 ____D () C:\Users\Jared\AppData\Local\PokerStars

2015-02-05 04:57 - 2015-02-05 20:15 - 00000000 ____D () C:\Program Files\PokerStars

2015-02-05 04:57 - 2015-02-05 04:57 - 00001913 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\PokerStars.lnk

2015-02-05 04:57 - 2015-02-05 04:57 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars

2015-02-04 15:31 - 2015-02-26 23:55 - 00932471 _____ () C:\Windows\WindowsUpdate.log

2015-02-04 12:58 - 2015-02-04 12:58 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-02-04 12:47 - 2015-02-04 12:50 - 00000000 ____D () C:\Windows\erdnt

2015-02-04 11:46 - 2015-02-04 11:46 - 00650392 _____ (Sysinternals - www.sysinternals.com) C:\Users\Jared\Desktop\autoruns.exe

2015-02-04 08:22 - 2015-02-19 06:44 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2015-02-04 08:22 - 2015-02-19 05:30 - 00002205 _____ () C:\Windows\epplauncher.mif

2015-02-04 08:09 - 2015-02-04 08:20 - 00001770 _____ () C:\Users\Jared\Desktop\chrome - Shortcut.lnk

2015-02-01 15:18 - 2015-02-04 10:02 - 00000000 ____D () C:\Windows\pss

2015-01-30 21:37 - 2015-02-19 12:36 - 00000000 ____D () C:\ProgramData\magicJack

2015-01-30 21:36 - 2015-02-18 02:15 - 00000953 _____ () C:\Users\Jared\Desktop\magicJack.lnk

2015-01-30 21:36 - 2015-02-18 02:15 - 00000939 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk

2015-01-30 21:36 - 2015-01-30 21:36 - 00000000 ____D () C:\Users\Jared\AppData\Local\magicJack

2015-01-30 21:32 - 2015-02-18 02:15 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\mjusbsp

2015-01-30 15:04 - 2015-02-19 06:20 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-30 14:49 - 2015-01-30 14:49 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-30 14:48 - 2015-01-30 14:48 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-01-30 14:44 - 2012-08-23 22:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-01-30 14:44 - 2012-08-23 22:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2015-01-30 14:44 - 2012-08-23 21:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2015-01-30 14:44 - 2012-08-23 19:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2015-01-30 14:44 - 2012-08-23 18:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2015-01-30 14:43 - 2015-01-30 14:43 - 00000000 ____D () C:\OETemp

2015-01-30 14:43 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2015-01-30 14:43 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2015-01-30 14:43 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2015-01-30 14:43 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2015-01-30 14:43 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2015-01-30 14:43 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2015-01-30 14:43 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2015-01-30 14:43 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll

2015-01-30 14:43 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2015-01-30 14:43 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2015-01-30 14:43 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2015-01-30 14:43 - 2013-10-02 04:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2015-01-30 14:42 - 2014-08-19 22:16 - 00061728 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2015-01-30 14:42 - 2014-07-03 03:42 - 04389848 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2015-01-30 14:42 - 2014-07-03 03:42 - 00377288 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2015-01-30 14:42 - 2014-07-03 03:42 - 00062936 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2015-01-30 14:29 - 2014-12-13 11:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-01-29 18:53 - 2015-02-23 01:16 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Skype

2015-01-29 18:53 - 2015-02-19 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-01-29 18:53 - 2015-02-07 04:44 - 00000000 ____D () C:\Users\Jared\AppData\Local\Skype

2015-01-29 18:53 - 2015-02-04 11:42 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk

2015-01-29 18:50 - 2015-01-30 22:35 - 00001141 _____ () C:\Users\Jared\Desktop\Downloads - Shortcut.lnk

2015-01-29 18:30 - 2015-01-29 18:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-29 18:28 - 2015-01-29 18:30 - 00000000 ____D () C:\Users\Jared\AppData\Local\Google

2015-01-29 18:28 - 2015-01-29 18:30 - 00000000 ____D () C:\Program Files\Google

2015-01-29 18:04 - 2012-02-11 13:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe

2015-01-29 10:38 - 2014-06-27 09:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2015-01-29 10:37 - 2014-11-22 09:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-01-29 10:37 - 2013-11-24 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-01-29 10:37 - 2011-03-11 13:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys

2015-01-29 10:37 - 2011-03-11 13:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys

2015-01-29 10:37 - 2011-03-11 13:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys

2015-01-29 10:37 - 2011-03-11 13:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys

2015-01-29 10:37 - 2011-03-11 13:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll

2015-01-29 10:37 - 2011-03-11 13:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe

2015-01-29 10:37 - 2011-03-11 12:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2015-01-29 10:36 - 2014-07-09 09:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2015-01-29 10:36 - 2014-07-09 06:30 - 00419992 _____ () C:\Windows\system32\locale.nls

2015-01-29 10:36 - 2014-06-24 10:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2015-01-29 10:36 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2015-01-29 10:36 - 2011-02-25 13:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2015-01-28 12:49 - 2015-02-04 13:03 - 00000000 ____D () C:\Windows\Panther

2015-01-28 05:25 - 2015-01-28 05:25 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-01-28 05:25 - 2015-01-28 05:25 - 00000000 ____D () C:\Windows\system32\appraiser

2015-01-28 03:01 - 2014-10-18 09:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-01-28 03:01 - 2014-07-07 09:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-01-28 03:01 - 2014-07-07 09:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-01-28 03:01 - 2014-07-07 09:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-01-28 03:01 - 2014-07-07 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-01-28 01:36 - 2015-02-19 09:15 - 00000000 ____D () C:\Users\Jared\AppData\Local\Apps\2.0

2015-01-28 00:28 - 2014-11-11 10:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-01-28 00:27 - 2013-04-10 07:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-01-28 00:21 - 2015-01-28 00:21 - 00000000 ____D () C:\Users\Jared\AppData\Roaming\Adobe

2015-01-27 23:55 - 2015-02-19 06:47 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2015-01-27 23:55 - 2010-08-09 22:33 - 00011164 _____ () C:\Windows\system32\Drivers\nvphy.bin

2015-01-27 23:33 - 2015-01-27 23:35 - 00000000 ____D () C:\Windows\system32\MRT

2015-01-27 22:53 - 2012-07-26 11:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe

2015-01-27 22:53 - 2012-07-26 11:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll

2015-01-27 22:53 - 2012-07-26 11:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll

2015-01-27 22:53 - 2012-07-26 11:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll

2015-01-27 22:53 - 2012-07-26 11:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll

2015-01-27 22:53 - 2012-07-26 10:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys

2015-01-27 22:53 - 2012-07-26 10:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys

2015-01-27 22:53 - 2012-06-02 22:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2015-01-27 22:51 - 2012-03-01 13:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys

2015-01-27 22:51 - 2012-03-01 13:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll

2015-01-27 22:41 - 2015-01-27 22:41 - 00000000 ____D () C:\Program Files\Microsoft.NET

2015-01-27 22:38 - 2013-05-10 12:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-01-27 22:38 - 2013-05-10 12:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-01-27 22:30 - 2015-01-27 22:30 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-01-27 22:30 - 2015-01-27 22:30 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2015-01-27 22:30 - 2015-01-27 22:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-01-27 22:30 - 2015-01-27 22:30 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2015-01-27 22:30 - 2015-01-27 22:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2015-01-27 22:30 - 2015-01-27 22:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2015-01-27 22:30 - 2015-01-27 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-01-27 22:29 - 2015-01-27 22:29 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2015-01-27 22:29 - 2015-01-27 22:29 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe

2015-01-27 22:28 - 2015-01-27 22:28 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2015-01-27 22:28 - 2015-01-27 22:28 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2015-01-27 22:26 - 2015-01-27 22:26 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-01-27 22:23 - 2014-12-04 12:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-01-27 22:23 - 2014-12-04 12:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-01-27 22:23 - 2014-12-02 07:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe

2015-01-27 22:22 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2015-01-27 22:22 - 2014-07-17 09:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2015-01-27 22:22 - 2014-07-17 09:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2015-01-27 22:22 - 2014-07-17 09:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2015-01-27 22:22 - 2014-07-17 09:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2015-01-27 22:22 - 2014-06-18 09:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2015-01-27 22:22 - 2014-03-04 17:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2015-01-27 22:22 - 2014-03-04 17:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2015-01-27 22:22 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2015-01-27 22:22 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2015-01-27 22:22 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2015-01-27 22:22 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2015-01-27 22:22 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2015-01-27 22:22 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2015-01-27 22:22 - 2013-05-13 11:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe

2015-01-27 22:22 - 2013-05-13 11:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll

2015-01-27 22:22 - 2012-04-26 12:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll

2015-01-27 22:22 - 2012-04-26 12:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe

2015-01-27 22:22 - 2011-07-09 10:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-01-27 22:22 - 2011-04-27 10:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-01-27 22:22 - 2011-04-27 10:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-01-27 22:21 - 2014-12-19 10:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-01-27 22:21 - 2014-12-12 13:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-01-27 22:21 - 2014-12-12 13:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-01-27 22:21 - 2014-11-11 10:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-01-27 22:21 - 2014-11-11 10:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-01-27 22:21 - 2014-09-19 17:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-01-27 22:21 - 2014-08-01 19:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2015-01-27 22:21 - 2014-07-14 09:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-01-27 22:21 - 2013-07-26 09:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2015-01-27 22:21 - 2013-07-09 12:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-01-27 22:21 - 2013-06-06 12:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-01-27 22:21 - 2013-06-06 12:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-01-27 22:21 - 2013-06-06 12:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-01-27 22:21 - 2013-06-06 11:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-01-27 22:21 - 2013-06-06 11:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-01-27 22:21 - 2012-12-07 20:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll

2015-01-27 22:21 - 2012-12-07 20:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll

2015-01-27 22:21 - 2012-12-07 18:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs

2015-01-27 22:21 - 2012-12-07 18:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs

2015-01-27 22:21 - 2012-10-10 01:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll

2015-01-27 22:21 - 2012-10-10 01:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll

2015-01-27 22:21 - 2012-08-22 04:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe

2015-01-27 22:21 - 2012-06-06 13:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll

2015-01-27 22:21 - 2011-04-09 13:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2015-01-27 22:20 - 2014-12-19 09:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2015-01-27 22:20 - 2014-12-06 11:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2015-01-27 22:20 - 2014-11-11 09:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2015-01-27 22:20 - 2014-08-12 09:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2015-01-27 22:20 - 2014-06-25 09:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-01-27 22:20 - 2014-06-03 17:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2015-01-27 22:20 - 2014-06-03 17:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-01-27 22:20 - 2014-06-03 17:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2015-01-27 22:20 - 2014-03-04 17:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-01-27 22:20 - 2013-10-06 03:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-01-27 22:20 - 2013-10-04 09:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2015-01-27 22:20 - 2013-10-04 09:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2015-01-27 22:20 - 2013-08-02 09:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-01-27 22:20 - 2013-08-02 08:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-01-27 22:20 - 2013-08-02 08:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-01-27 22:20 - 2013-07-09 12:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-01-27 22:20 - 2013-07-09 12:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-01-27 22:20 - 2013-05-10 11:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2015-01-27 22:20 - 2012-10-04 00:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll

2015-01-27 22:20 - 2012-10-04 00:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll

2015-01-27 22:20 - 2012-10-03 23:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys

2015-01-27 22:20 - 2012-08-23 01:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2015-01-27 22:20 - 2012-07-05 03:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys

2015-01-27 22:20 - 2012-01-04 16:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll

2015-01-27 22:20 - 2011-11-17 13:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll

2015-01-27 22:20 - 2011-08-27 12:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll

2015-01-27 22:19 - 2014-11-08 10:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2015-01-27 22:19 - 2014-10-30 09:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

2015-01-27 22:19 - 2014-10-25 09:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2015-01-27 22:19 - 2014-10-18 09:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-01-27 22:19 - 2014-10-14 09:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2015-01-27 22:19 - 2014-10-10 08:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-01-27 22:19 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2015-01-27 22:19 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2015-01-27 22:19 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2015-01-27 22:19 - 2014-04-25 10:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2015-01-27 22:19 - 2014-02-04 10:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2015-01-27 22:19 - 2014-02-04 10:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2015-01-27 22:19 - 2014-02-04 10:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2015-01-27 22:19 - 2014-02-04 10:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2015-01-27 22:19 - 2014-01-29 10:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2015-01-27 22:19 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2015-01-27 22:19 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2015-01-27 22:19 - 2013-08-28 08:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2015-01-27 22:19 - 2013-07-04 19:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2015-01-27 22:19 - 2013-07-03 11:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2015-01-27 22:19 - 2013-07-03 11:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2015-01-27 22:19 - 2013-06-26 06:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2015-01-27 22:19 - 2013-02-12 11:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

2015-01-27 22:19 - 2013-01-24 12:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys

2015-01-27 22:19 - 2012-11-29 06:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys

2015-01-27 22:19 - 2012-11-29 06:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll

2015-01-27 22:19 - 2012-11-29 06:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2015-01-27 22:19 - 2011-06-16 12:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll

2015-01-27 22:19 - 2011-05-04 12:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2015-01-27 22:19 - 2011-05-04 12:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2015-01-27 22:19 - 2011-05-04 12:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2015-01-27 22:19 - 2011-05-04 12:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2015-01-27 22:19 - 2011-05-04 12:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2015-01-27 22:19 - 2011-02-23 12:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys

2015-01-27 22:19 - 2010-12-23 13:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-01-27 22:18 - 2014-10-03 09:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-01-27 22:18 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-01-27 22:18 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2015-01-27 22:18 - 2014-08-23 09:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-01-27 22:18 - 2014-08-21 14:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-01-27 22:18 - 2014-08-21 14:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-01-27 22:18 - 2014-06-16 09:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2015-01-27 22:18 - 2014-06-16 09:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys

2015-01-27 22:18 - 2014-06-16 09:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2015-01-27 22:18 - 2014-06-06 17:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2015-01-27 22:18 - 2014-05-30 14:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2015-01-27 22:18 - 2014-04-05 10:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2015-01-27 22:18 - 2014-04-05 10:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2015-01-27 22:18 - 2014-03-26 22:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2015-01-27 22:18 - 2014-03-26 22:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2015-01-27 22:18 - 2014-01-28 10:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2015-01-27 22:18 - 2014-01-24 10:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2015-01-27 22:18 - 2013-11-26 19:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2015-01-27 22:18 - 2013-10-30 10:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll

2015-01-27 22:18 - 2013-10-19 09:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2015-01-27 22:18 - 2013-10-12 10:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2015-01-27 22:18 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2015-01-27 22:18 - 2013-10-12 10:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2015-01-27 22:18 - 2013-10-12 10:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2015-01-27 22:18 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2015-01-27 22:18 - 2013-10-12 09:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2015-01-27 22:18 - 2013-10-12 09:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2015-01-27 22:18 - 2013-10-04 09:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2015-01-27 22:18 - 2013-10-04 09:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2015-01-27 22:18 - 2013-08-05 09:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys

2015-01-27 22:18 - 2013-07-25 16:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2015-01-27 22:18 - 2013-07-12 18:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2015-01-27 22:18 - 2013-07-12 18:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2015-01-27 22:18 - 2013-07-04 19:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2015-01-27 22:18 - 2013-07-04 19:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2015-01-27 22:18 - 2013-04-26 12:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2015-01-27 22:18 - 2013-03-19 11:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll

2015-01-27 22:18 - 2012-11-02 13:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll

2015-01-27 22:18 - 2012-09-26 06:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll

2015-01-27 22:18 - 2012-07-05 05:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll

2015-01-27 22:18 - 2012-07-05 05:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll

2015-01-27 22:18 - 2012-07-05 05:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll

2015-01-27 22:18 - 2012-05-14 12:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2015-01-27 22:18 - 2012-05-05 15:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-01-27 22:18 - 2012-03-17 15:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys

2015-01-27 22:18 - 2011-12-30 13:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl

2015-01-27 22:18 - 2011-12-16 15:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll

2015-01-27 22:18 - 2011-10-26 12:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-01-27 22:18 - 2011-10-15 13:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll

2015-01-27 22:18 - 2011-08-17 12:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll

2015-01-27 22:18 - 2011-08-17 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax

2015-01-27 22:18 - 2011-06-15 16:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll

2015-01-27 22:18 - 2011-06-15 16:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll

2015-01-27 22:18 - 2011-05-24 18:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll

2015-01-27 22:18 - 2011-05-03 12:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-01-27 22:18 - 2011-04-29 10:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2015-01-27 22:18 - 2011-04-29 10:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2015-01-27 22:18 - 2011-04-29 10:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2015-01-27 22:18 - 2011-03-11 13:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll

2015-01-27 22:18 - 2011-03-11 13:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll

2015-01-27 22:18 - 2011-03-03 13:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll

2015-01-27 22:18 - 2011-03-03 13:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

2015-01-27 22:18 - 2011-03-03 13:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe

2015-01-27 22:18 - 2011-02-18 13:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe

2015-01-27 22:18 - 2010-12-23 13:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll

2015-01-27 22:18 - 2010-12-23 13:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax

2015-01-27 22:09 - 2014-10-14 09:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-01-27 22:09 - 2014-10-14 09:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-01-27 22:09 - 2014-10-14 09:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2015-01-27 22:09 - 2014-10-14 09:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-01-27 22:09 - 2014-10-14 09:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-01-27 22:09 - 2014-04-12 10:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-01-27 22:09 - 2014-04-12 10:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-01-27 22:09 - 2014-04-12 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-01-27 22:09 - 2014-04-12 10:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-01-27 22:09 - 2014-04-12 10:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-01-27 22:09 - 2013-07-04 20:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-01-27 22:09 - 2013-02-27 12:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll

2015-01-27 22:07 - 2014-10-03 09:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

2015-01-27 22:07 - 2014-10-03 09:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe

2015-01-27 21:20 - 2014-05-15 00:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-01-27 21:20 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-01-27 21:20 - 2014-05-15 00:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-01-27 21:20 - 2014-05-15 00:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-01-27 21:20 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-01-27 21:20 - 2014-05-15 00:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-01-27 21:20 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-01-27 21:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-01-27 21:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-01-27 20:58 - 2015-02-19 15:29 - 00000000 ____D () C:\Users\Jared

2015-01-27 20:58 - 2015-02-13 09:49 - 00000000 ____D () C:\Users\Jared\AppData\Local\VirtualStore

2015-01-27 20:58 - 2015-01-27 20:58 - 00001409 _____ () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-27 20:58 - 2015-01-27 20:58 - 00000000 ____D () C:\Recovery

2015-01-27 20:58 - 2009-07-14 12:42 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-01-27 20:58 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-26 22:44 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public

2015-02-22 04:49 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-21 15:52 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache

2015-02-19 15:27 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool

2015-02-19 12:59 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-19 12:08 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles

2015-02-19 07:50 - 2009-07-14 10:04 - 00000215 _____ () C:\Windows\system.ini

2015-02-19 07:24 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer

2015-02-19 07:16 - 2009-07-14 12:52 - 00000000 ____D () C:\Program Files\Windows Defender

2015-02-19 06:51 - 2009-07-14 10:37 - 00000000 ____D () C:\Users\Jared\MSInfo

2015-02-13 12:20 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\wfp

2015-02-13 12:18 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\registration

2015-02-04 12:50 - 2009-07-14 10:37 - 00000000 __RHD () C:\Users\Default

2015-02-01 15:13 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2015-01-30 19:23 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-01-30 14:42 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Help

2015-01-28 12:48 - 2009-07-14 12:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG

2015-01-28 12:48 - 2009-07-14 12:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template

2015-01-28 05:25 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\AppCompat

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-TW

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-HK

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\zh-CN

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\tr-TR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\sv-SE

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ru-RU

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-PT

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pt-BR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\pl-PL

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nl-NL

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\nb-NO

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ko-KR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\ja-JP

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\it-IT

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\hu-HU

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fr-FR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\fi-FI

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\el-GR

2015-01-28 00:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\de-DE

2015-01-27 21:20 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\restore

2015-01-27 20:58 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Recovery

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => MD5 is legit

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== BCD ================================

 

Windows Boot Manager

--------------------

identifier              {bootmgr}

device                  partition=\Device\HarddiskVolume1

description             Windows Boot Manager

locale                  en-US

inherit                 {globalsettings}

default                 {current}

resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}

displayorder            {current}

toolsdisplayorder       {memdiag}

timeout                 30

 

Windows Boot Loader

-------------------

identifier              {current}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  en-US

inherit                 {bootloadersettings}

recoverysequence        {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}

recoveryenabled         Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}

nx                      OptIn

 

Windows Boot Loader

-------------------

identifier              {f63aa302-a6a8-11e4-bf47-ef668ac72a3d}

device                  ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\Winre.wim,{f63aa303-a6a8-11e4-bf47-ef668ac72a3d}

systemroot              \windows

nx                      OptIn

winpe                   Yes

 

Resume from Hibernate

---------------------

identifier              {f63aa300-a6a8-11e4-bf47-ef668ac72a3d}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

pae                     Yes

debugoptionenabled      No

 

Windows Memory Tester

---------------------

identifier              {memdiag}

device                  partition=\Device\HarddiskVolume1

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  en-US

inherit                 {globalsettings}

badmemoryaccess         Yes

 

EMS Settings

------------

identifier              {emssettings}

bootems                 Yes

 

Debugger Settings

-----------------

identifier              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200

 

RAM Defects

-----------

identifier              {badmemory}

 

Global Settings

---------------

identifier              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}

 

Boot Loader Settings

--------------------

identifier              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}

 

Hypervisor Settings

-------------------

identifier              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200

 

Resume Loader Settings

----------------------

identifier              {resumeloadersettings}

inherit                 {globalsettings}

 

Device options

--------------

identifier              {f63aa303-a6a8-11e4-bf47-ef668ac72a3d}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\f63aa302-a6a8-11e4-bf47-ef668ac72a3d\boot.sdi

 

 

 

LastRegBack: 2015-02-23 10:30

 

==================== End Of Log ============================

[RKinner]

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:

2. Click Properties, and then click Tools.

3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,

4. Check both boxes and then click Start.

You will receive the following message:

The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?

Click Yes to schedule the disk check, but don't restart yet.

 

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

 

 

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

 

sfc /scannow

 

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

 

Copy the next two lines:

 

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 

notepad \windows\logs\cbs\junk.txt 

 

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.

 

 

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

 

* System

4. Under 'Select type to list', select:

* Error

* Warning

 

 

Then use the 'Number of events' as follows:

 

 

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

 

 

Please post the Output log in your next reply then repeat but select Application.

 

 

If VEW is not working then Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Click on System.  Right click and Save All Events As.  To your desktop.  Syslog

 

Repeat for Applications but call it AppLog.  If the file is not bigger than 2 meg you should be able to attach them on separate posts tho you will probably need to rename the extension from .evtx to .txt

[stanleybeast]

Nothing happens when I hit check now. 

 

When I click manage it says service cannot be started  cuz its disabled or cuz it has no enabled devices associated with it..

 

Same with CMD.exe and msconfig.. the inf file in safe mode don't work when booted in normal