Computer won't update

Malware Sluggish


#61
its_chele


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by MWG (administrator) on YVONNE-PC (19-08-2016 10:27:41)
Running from C:\Users\MWG\Desktop\FRST-OlderVersion
Loaded Profiles: MWG (Available Profiles: Yvonne & Sandra Sue & MWG & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-16] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-16] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C1312CAC-2938-47EA-B713-1E6989FE294B}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-16] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-03] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3432716916-1219727339-2741707856-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MWG\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
FF Extension: Self-Destructing Cookies - C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default\Extensions\[email protected] [2016-06-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-16]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Profile: C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-20]
CHR Extension: (Google Docs) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-20]
CHR Extension: (Google Drive) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-06-20]
CHR Extension: (YouTube) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-20]
CHR Extension: (Google Search) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-20]
CHR Extension: (Google Sheets) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-20]
CHR Extension: (Norton Identity Safe) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Gmail) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-16] (AVAST Software)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-16] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 10:25 - 2016-08-19 10:27 - 00000000 ____D C:\Users\MWG\Desktop\FRST-OlderVersion
2016-08-18 19:02 - 2016-08-18 19:07 - 00001436 _____ C:\Users\MWG\Desktop\dpclat - Shortcut.lnk
2016-08-18 19:01 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-08-18 19:01 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-08-18 19:01 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-08-18 19:01 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-08-18 19:01 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2016-08-18 19:01 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2016-08-18 19:01 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-08-18 19:01 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-08-18 19:01 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-08-18 19:01 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-08-18 19:01 - 2016-07-01 10:56 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-08-18 19:01 - 2016-07-01 10:56 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-08-18 19:01 - 2016-07-01 10:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-08-18 18:58 - 2016-08-18 18:58 - 00306928 _____ (Thesycon GmbH) C:\Users\MWG\Downloads\dpclat.exe
2016-08-16 21:35 - 2016-08-16 21:35 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-08-16 21:35 - 2016-08-16 21:35 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-08-16 20:08 - 2016-08-18 19:25 - 00005937 _____ C:\Users\MWG\Desktop\procexp64.exe.txt
2016-08-16 20:02 - 2016-08-16 20:03 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\MWG\Downloads\procexp.exe
2016-08-16 20:00 - 2016-08-16 20:00 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\MWG\Desktop\procexp.exe
2016-08-14 18:59 - 2016-08-14 18:59 - 00000000 ____D C:\Users\MWG\AppData\Local\CEF
2016-08-14 18:53 - 2016-08-16 21:37 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1471215182
2016-08-14 18:53 - 2016-08-14 18:53 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-14 18:53 - 2016-08-14 18:53 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-14 18:52 - 2016-08-16 21:35 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-08-14 18:39 - 2016-08-14 18:39 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-14 18:39 - 2016-08-14 18:39 - 00000000 ____D C:\Users\MWG\AppData\Roaming\AVAST Software
2016-08-14 18:39 - 2016-08-14 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-14 18:38 - 2016-08-16 21:35 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-08-14 18:38 - 2016-08-14 18:38 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-08-14 18:35 - 2016-08-14 18:52 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-14 18:30 - 2016-08-14 18:30 - 00401577 _____ C:\unp305373392032433453.mdmp
2016-08-14 18:19 - 2016-08-14 18:52 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-14 18:06 - 2016-08-14 18:07 - 06319040 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-08-14 18:06 - 2016-08-14 18:07 - 06319040 _____ (AVAST Software) C:\Users\MWG\Downloads\avast_free_antivirus_setup_online.exe
2016-08-11 23:08 - 2016-08-11 23:08 - 00000000 ____D C:\Users\MWG\AppData\Roaming\WinBatch
2016-08-11 23:07 - 2016-08-11 23:12 - 35596648 _____ C:\Users\MWG\Downloads\tc50070300c.exe
2016-08-11 23:06 - 2016-08-11 23:12 - 50903632 _____ C:\Users\MWG\Downloads\tc50066400n.exe
2016-08-11 23:05 - 2016-08-11 23:05 - 04807544 _____ C:\Users\MWG\Downloads\tc50066600g.exe
2016-08-11 21:58 - 2016-08-11 22:00 - 05179639 _____ C:\Users\MWG\Downloads\TC00190600I.exe.part
2016-08-11 07:46 - 2016-08-11 07:46 - 00000000 ____D C:\windows\pss
2016-08-09 22:10 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-08-09 22:10 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-08-09 22:10 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-08-09 22:10 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-08-09 22:10 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-08-09 22:10 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-08-09 22:10 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-08-09 22:10 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-08-09 22:10 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-08-09 22:10 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-08-09 22:10 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-08-09 22:10 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-08-09 22:10 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-08-09 22:10 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-08-09 22:10 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-08-09 22:10 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-08-09 22:10 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-08-09 22:10 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-08-09 22:10 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-08-09 22:10 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-08-09 22:10 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-08-09 22:10 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-08-09 22:10 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-09 22:10 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-08-09 22:10 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-08-09 22:10 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-08-09 22:10 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-08-09 22:10 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-08-09 22:10 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-08-09 22:10 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-08-09 22:10 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-08-09 22:10 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-08-09 22:10 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-08-09 22:10 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-08-09 22:10 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-08-09 22:10 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-08-09 22:10 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-08-09 22:10 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-08-09 22:10 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-08-09 22:10 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-08-09 22:10 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-08-09 22:10 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-08-09 22:10 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-08-09 22:10 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-09 22:10 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-08-09 22:10 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-08-09 22:10 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-08-09 22:10 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-08-09 22:10 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-08-09 22:10 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-08-09 22:10 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-08-09 22:10 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-08-09 22:10 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-08-09 22:10 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-08-09 22:10 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-08-09 22:10 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-08-09 22:10 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-08-09 22:10 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-08-09 22:10 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-08-09 22:10 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-08-09 22:10 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-08-09 22:10 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-08-09 21:11 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-08-09 21:09 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-08-09 21:09 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-08-09 21:09 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-08-09 21:09 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-08-09 21:09 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-08-09 21:09 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-08-09 21:09 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-08-09 21:09 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-08-09 21:09 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-08-09 21:09 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-08-09 21:09 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-08-09 21:09 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-08-09 21:08 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-08-09 21:08 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-08-08 21:09 - 2016-05-16 19:22 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-08-08 21:09 - 2016-05-16 19:19 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-08-08 21:09 - 2016-05-16 19:19 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-08-08 21:09 - 2016-05-16 19:18 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-08-08 21:09 - 2016-05-16 19:18 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-08-08 21:09 - 2016-05-16 19:17 - 01732888 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-08-08 21:09 - 2016-05-16 19:16 - 01314136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-08-08 21:09 - 2016-05-16 17:23 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-08-08 21:09 - 2016-05-16 17:23 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-08-08 21:09 - 2016-05-16 17:19 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-08-08 21:09 - 2016-05-16 17:19 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-08-08 21:09 - 2016-05-16 17:14 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-08-08 21:09 - 2016-05-16 17:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-08-08 21:09 - 2016-05-16 17:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-08-08 21:09 - 2016-05-16 17:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-08-08 21:09 - 2016-05-16 17:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-08-08 21:09 - 2016-05-16 17:09 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:09 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:09 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:09 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-08 21:09 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-08-08 21:09 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-08-08 21:09 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-08-08 21:09 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-08-08 21:09 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-08-08 21:09 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-08-08 21:09 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-08-08 21:09 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-08-08 21:09 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-08-08 21:09 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-08-08 21:09 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-08-08 21:09 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-08-08 21:09 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-08-08 21:09 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-08-08 21:09 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-08-08 21:09 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-08-08 21:09 - 2016-05-12 13:14 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-08-08 21:09 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-08-08 21:09 - 2016-05-12 11:18 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-08-08 21:09 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-08-08 21:09 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-08-08 21:09 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-08-08 21:09 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-08-08 21:09 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-08-08 21:09 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-08-08 21:09 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-08-08 21:09 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-08-08 21:02 - 2015-12-16 14:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-08-08 21:02 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-08-08 21:02 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-08-08 21:02 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-08-08 21:02 - 2015-12-16 14:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-08-08 21:02 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-08-08 21:02 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-08-08 21:02 - 2015-12-16 14:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-08-08 21:02 - 2015-12-16 10:38 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2016-08-08 21:02 - 2015-12-16 10:37 - 00419928 _____ C:\windows\system32\locale.nls
2016-08-08 18:59 - 2016-08-14 18:13 - 00001945 _____ C:\windows\epplauncher.mif
2016-08-08 18:00 - 2015-08-05 13:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-08-08 18:00 - 2015-08-05 13:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-08-07 12:33 - 2016-08-07 12:33 - 00000000 ____D C:\Users\MWG\AppData\Local\Windows Live
2016-08-05 20:11 - 2016-08-07 20:43 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Yahoo Messenger
2016-08-05 20:11 - 2016-08-05 20:11 - 00002324 _____ C:\Users\MWG\Desktop\Yahoo Messenger.lnk
2016-08-05 20:11 - 2016-08-05 20:11 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Inc
2016-08-05 20:11 - 2016-08-05 20:11 - 00000000 ____D C:\Users\MWG\AppData\Local\yahoomessenger
2016-08-05 20:09 - 2016-08-05 20:11 - 00000000 ____D C:\Users\MWG\AppData\Local\SquirrelTemp
2016-08-05 19:59 - 2016-08-05 20:01 - 45516304 _____ (Yahoo! Inc) C:\Users\MWG\Downloads\yahoo-messenger-0.8.109-win32.exe
2016-08-05 19:52 - 2016-08-05 19:52 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Yahoo!
2016-08-03 05:40 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 05:40 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 05:09 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-08-03 05:09 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-08-03 05:09 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-08-03 05:09 - 2016-03-23 18:40 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-08-03 05:09 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-08-03 05:09 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-08-03 05:09 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-08-03 05:09 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-08-03 05:09 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-08-03 05:09 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-08-03 05:07 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-08-03 05:07 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-08-03 05:07 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-08-03 05:07 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-08-03 05:07 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-08-03 05:07 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2016-08-03 05:07 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2016-08-03 05:07 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2016-08-03 05:07 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2016-08-03 05:06 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-08-03 05:06 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-08-03 05:06 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-08-03 05:06 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2016-08-03 05:06 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2016-08-03 04:47 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2016-08-03 04:47 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2016-08-01 19:04 - 2016-08-01 19:05 - 00000000 ____D C:\0c64389ccba9a62a97ec0cbbe6
2016-08-01 00:40 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2016-08-01 00:40 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2016-08-01 00:40 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2016-08-01 00:40 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2016-08-01 00:40 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2016-08-01 00:40 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2016-08-01 00:40 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2016-08-01 00:39 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-08-01 00:39 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-08-01 00:37 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-08-01 00:37 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-08-01 00:37 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-08-01 00:37 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-08-01 00:37 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-08-01 00:37 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-08-01 00:37 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-08-01 00:37 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2016-08-01 00:37 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2016-08-01 00:37 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2016-08-01 00:37 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2016-08-01 00:37 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2016-08-01 00:37 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-08-01 00:37 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-08-01 00:37 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-08-01 00:37 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-08-01 00:36 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-08-01 00:36 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-08-01 00:36 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-08-01 00:36 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-08-01 00:36 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-08-01 00:36 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-08-01 00:36 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-08-01 00:36 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-08-01 00:36 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-08-01 00:36 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-08-01 00:36 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2016-08-01 00:36 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2016-08-01 00:36 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2016-08-01 00:36 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2016-08-01 00:36 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-08-01 00:36 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-08-01 00:21 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-08-01 00:20 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-08-01 00:20 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-08-01 00:20 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-08-01 00:20 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-08-01 00:20 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-08-01 00:19 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-08-01 00:19 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-08-01 00:19 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-08-01 00:19 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-08-01 00:19 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-08-01 00:19 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-08-01 00:19 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-08-01 00:19 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-08-01 00:19 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-08-01 00:19 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-08-01 00:19 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-08-01 00:19 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-08-01 00:19 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-08-01 00:19 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2016-08-01 00:19 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-08-01 00:19 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-08-01 00:19 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2016-08-01 00:19 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-08-01 00:19 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-08-01 00:19 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-08-01 00:19 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-08-01 00:19 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2016-08-01 00:19 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2016-08-01 00:18 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-08-01 00:18 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-08-01 00:18 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-08-01 00:18 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-08-01 00:18 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-08-01 00:18 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-08-01 00:18 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-08-01 00:18 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-08-01 00:18 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-08-01 00:18 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-08-01 00:18 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-08-01 00:18 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-08-01 00:18 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-08-01 00:18 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-08-01 00:18 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-08-01 00:18 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-08-01 00:18 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-08-01 00:18 - 2015-09-14 17:40 - 00634432 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-08-01 00:18 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-08-01 00:18 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-08-01 00:18 - 2015-06-03 16:17 - 00546656 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-08-01 00:17 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-08-01 00:17 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-08-01 00:17 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-08-01 00:17 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-08-01 00:17 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-08-01 00:17 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2016-08-01 00:17 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-08-01 00:17 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2016-08-01 00:17 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-08-01 00:17 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-08-01 00:17 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-08-01 00:17 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-08-01 00:17 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-08-01 00:17 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2016-08-01 00:17 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2016-08-01 00:17 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-08-01 00:17 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-08-01 00:17 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-08-01 00:17 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-08-01 00:17 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-08-01 00:17 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-08-01 00:17 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-08-01 00:17 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-08-01 00:17 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2016-08-01 00:17 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2016-08-01 00:17 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2016-08-01 00:17 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2016-08-01 00:17 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2016-08-01 00:17 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2016-08-01 00:16 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-08-01 00:16 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-08-01 00:16 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-08-01 00:16 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-08-01 00:16 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-08-01 00:16 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-08-01 00:16 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-08-01 00:16 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-08-01 00:16 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-08-01 00:16 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-08-01 00:16 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-08-01 00:16 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-08-01 00:16 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-08-01 00:16 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-08-01 00:16 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-08-01 00:16 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-08-01 00:16 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-08-01 00:16 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-08-01 00:16 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-08-01 00:16 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-08-01 00:16 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-08-01 00:16 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-08-01 00:16 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-08-01 00:16 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-08-01 00:16 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-08-01 00:16 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-08-01 00:16 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-08-01 00:16 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-08-01 00:16 - 2015-10-29 13:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2016-08-01 00:16 - 2015-10-29 13:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2016-08-01 00:16 - 2015-10-29 13:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2016-08-01 00:16 - 2015-10-29 13:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2016-08-01 00:16 - 2015-10-29 13:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2016-08-01 00:16 - 2015-10-29 13:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2016-08-01 00:16 - 2015-10-29 13:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2016-08-01 00:16 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2016-08-01 00:16 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2016-08-01 00:16 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2016-08-01 00:16 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2016-08-01 00:16 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2016-08-01 00:16 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-08-01 00:16 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-08-01 00:16 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2016-08-01 00:15 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-08-01 00:15 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-08-01 00:15 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-08-01 00:15 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-08-01 00:15 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-08-01 00:15 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-08-01 00:15 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-08-01 00:15 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-08-01 00:15 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-08-01 00:15 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-08-01 00:15 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-08-01 00:15 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-08-01 00:15 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-08-01 00:15 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-08-01 00:15 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2016-08-01 00:15 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2016-08-01 00:15 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2016-08-01 00:15 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2016-08-01 00:15 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2016-07-28 08:58 - 2016-07-28 08:59 - 00000000 ____D C:\19fb4b25171339d25ed1
2016-07-27 08:58 - 2016-07-27 08:58 - 00000000 ____D C:\windows\CheckSur
2016-07-25 23:01 - 2016-07-25 23:01 - 00000000 ____D C:\8ac1431f9109642a775ccf
2016-07-25 21:23 - 2016-07-25 21:24 - 00000000 ____D C:\d5fa0e1fb5fdab213d4c741b3f34
2016-07-25 19:53 - 2016-07-25 19:54 - 00000000 ____D C:\86a309109a7a65ff00f9d177e8232b
2016-07-25 19:15 - 2016-07-25 19:51 - 564744309 _____ C:\Users\MWG\Desktop\Windows6.1-KB947821-v34-x64.msu
2016-07-24 21:06 - 2016-07-24 22:21 - 00006077 _____ C:\junk.txt
2016-07-24 15:07 - 2016-07-24 15:09 - 00000467 _____ C:\VEW.txt
2016-07-24 15:04 - 2016-07-24 15:04 - 00061440 _____ ( ) C:\Users\MWG\Desktop\VEW.exe
2016-07-24 14:24 - 2016-07-24 14:24 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Sun
2016-07-24 14:24 - 2016-07-24 14:24 - 00000000 ____D C:\Users\MWG\AppData\LocalLow\Sun
2016-07-24 14:24 - 2016-07-24 14:24 - 00000000 ____D C:\Users\MWG\.oracle_jre_usage
2016-07-24 14:23 - 2016-07-24 14:23 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2016-07-24 14:23 - 2016-07-24 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-24 14:22 - 2016-07-24 14:22 - 00000000 ____D C:\ProgramData\Oracle
2016-07-24 14:21 - 2016-07-24 14:21 - 00000000 ____D C:\Program Files\Java
2016-07-24 14:12 - 2016-07-24 14:20 - 62041152 _____ (Oracle Corporation) C:\Users\MWG\Downloads\jre-8u101-windows-x64.exe
2016-07-24 14:06 - 2016-07-24 14:07 - 00739904 _____ (Oracle Corporation) C:\Users\MWG\Downloads\jxpiinstall(1).exe
2016-07-24 14:06 - 2016-07-24 14:06 - 00000000 ____D C:\Users\MWG\AppData\LocalLow\Oracle
2016-07-24 14:04 - 2016-07-24 14:04 - 00003120 _____ C:\windows\System32\Tasks\{EBDE9B33-258F-4BCC-BC6D-63DDEBD65416}
2016-07-24 14:01 - 2016-07-24 14:01 - 00739904 _____ (Oracle Corporation) C:\Users\MWG\Downloads\jxpiinstall.exe
2016-07-24 13:56 - 2016-07-24 13:56 - 00894960 _____ C:\Users\MWG\Downloads\Norton_Removal_Tool(1).exe
2016-07-23 17:37 - 2016-08-19 10:27 - 00000000 ____D C:\FRST
2016-07-23 17:36 - 2016-08-19 10:25 - 02265088 _____ C:\Users\MWG\Desktop\FRST64.exe
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieUserList
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieBrowserModeList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieUserList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieSiteList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieBrowserModeList
2016-07-23 17:11 - 2016-07-23 17:12 - 00894960 _____ C:\Users\MWG\Downloads\Norton_Removal_Tool.exe
2016-07-23 17:04 - 2016-07-23 17:04 - 00776920 _____ (Symantec Corporation) C:\Users\MWG\Downloads\SymNRT.exe
2016-07-22 22:44 - 2016-08-03 21:14 - 00000000 ____D C:\Users\MWG\Documents\My Received Files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 10:27 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-19 10:27 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-19 10:19 - 2010-10-15 13:41 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 10:18 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-18 22:41 - 2012-04-21 07:59 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-18 22:33 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-08-18 22:31 - 2010-10-15 13:41 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 18:32 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-15 18:32 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-08-15 03:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-08-14 19:29 - 2016-06-21 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-14 18:38 - 2016-06-29 21:45 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-11 23:19 - 2010-12-28 13:20 - 00014342 _____ C:\windows\system32\results.xml
2016-08-11 22:01 - 2016-06-20 21:26 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Toshiba
2016-08-09 21:54 - 2009-07-14 00:45 - 00267672 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-09 21:38 - 2013-09-12 15:17 - 00000000 ____D C:\windows\system32\MRT
2016-08-09 21:21 - 2011-06-05 09:30 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-08-09 20:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
2016-08-08 20:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-08-08 17:40 - 2015-01-24 12:48 - 00000000 ___SD C:\windows\system32\CompatTel
2016-08-08 17:40 - 2015-01-24 12:48 - 00000000 ____D C:\windows\system32\appraiser
2016-08-07 00:20 - 2013-04-27 12:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-07 00:20 - 2013-04-27 12:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-06 17:00 - 2013-04-27 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-05 23:30 - 2016-07-01 23:29 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Paltalk
2016-08-05 05:52 - 2015-01-26 13:44 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 05:52 - 2015-01-26 13:44 - 00002113 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 13:46 - 2014-07-27 13:05 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-07-28 21:26 - 2010-10-15 13:41 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 21:26 - 2010-10-15 13:41 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-26 14:24 - 2011-06-04 01:35 - 00504488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-07-24 14:24 - 2016-06-20 21:12 - 00000000 ____D C:\Users\MWG
2016-07-24 13:54 - 2010-10-15 13:37 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-07-24 13:54 - 2010-10-15 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2016-07-23 17:18 - 2016-06-20 21:47 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieSiteList
2016-07-23 17:16 - 2010-12-28 13:36 - 00000000 ____D C:\ProgramData\Norton
2016-07-23 16:34 - 2016-06-29 21:45 - 00000000 ____D C:\windows\System32\Tasks\Remediation

Files to move or delete:
====================
C:\Users\Yvonne\flashplayer11_b2_install_win_ax32_080811.exe


Some files in TEMP:
====================
C:\Users\MWG\AppData\Local\Temp\exe1C3C.tmp.exe
C:\Users\MWG\AppData\Local\Temp\{A815631B-F05A-420E-914B-F8D932E168F2}-51.0.2704.103_chrome_installer.exe
C:\Users\Yvonne\AppData\Local\Temp\4F79.exe
C:\Users\Yvonne\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-15 03:14

==================== End of FRST.txt ============================



#62
its_chele


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by MWG (19-08-2016 10:29:43)
Running from C:\Users\MWG\Desktop\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-27 08:53:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3432716916-1219727339-2741707856-500 - Administrator - Disabled)
Guest (S-1-5-21-3432716916-1219727339-2741707856-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3432716916-1219727339-2741707856-1002 - Limited - Enabled)
MWG (S-1-5-21-3432716916-1219727339-2741707856-1004 - Administrator - Enabled) => C:\Users\MWG
Sandra Sue (S-1-5-21-3432716916-1219727339-2741707856-1003 - Limited - Enabled) => C:\Users\Sandra Sue
Yvonne (S-1-5-21-3432716916-1219727339-2741707856-1000 - Administrator - Enabled) => C:\Users\Yvonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2279 - AVAST Software)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.128.0.66 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.53 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.53 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.2091.0 - Motorola)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paltalk Messenger  11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.646.17836 - AVM Software Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo Messenger (HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\...\yahoomessenger) (Version: 0.8.109 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038E4B8A-B55A-4760-9B4E-796249AE0781} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {1A9EF062-2483-4C12-A73A-0EAE2670A11F} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {21776848-0AA7-40A0-BB55-322DC2F3BD22} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-14] (AVAST Software)
Task: {235401CF-5FBF-45D1-B036-9296F2703D5C} - System32\Tasks\SafeZone scheduled Autoupdate 1471215182 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {38A2DC8E-B50D-4E52-9664-1831FDBECBFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-16] (AVAST Software)
Task: {7558A3EF-A712-4F4B-ABF3-35E46EF22C8F} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {7FCD5747-58F2-4395-B6F5-BAC6830F9AE3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {864F6376-14FC-47B2-91C1-58B00409497B} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {BB4B46A9-D667-463E-944C-D2D13A238C06} - System32\Tasks\{EBDE9B33-258F-4BCC-BC6D-63DDEBD65416} => pcalua.exe -a C:\Users\MWG\Downloads\jxpiinstall.exe -d C:\Users\MWG\Downloads
Task: {C005D3A0-ABEE-44D2-8D69-C9D9EE5618A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {D3F145A7-D242-406B-99A1-E9B96BFDA1CF} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {D915A784-DDD7-422C-8C2C-0C0AAC59421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {DB96A64B-1AC4-4338-B6F3-D0F599202F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-08-10 15:35 - 2011-08-10 15:35 - 00227184 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-08-08 18:11 - 2011-08-08 18:11 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2016-08-16 21:35 - 2016-08-16 21:35 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-18 19:08 - 2016-08-18 19:08 - 03015680 _____ () C:\Program Files\AVAST Software\Avast\defs\16081802\algo.dll
2016-08-16 21:35 - 2016-08-16 21:35 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-07-07 16:12 - 2011-07-07 16:12 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2016-08-14 18:38 - 2016-08-14 18:38 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^MWG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Yahoo Messenger Updater => C:\Users\MWG\AppData\Local\yahoomessenger\app-0.8.109\resources\app.asar.unpacked\native\win32\YMUpdater.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB20C4E5-739F-4FEF-9849-D5923D807933}] => (Allow) LPort=2869
FirewallRules: [{A17F1F14-DA92-474F-8B09-17ADE5CE7063}] => (Allow) LPort=1900
FirewallRules: [{67E9151E-F6F6-42A5-9CE2-3343EF13571B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD72228C-F03E-42DE-9EAF-CDA168AB6CE0}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{762A0E22-3559-40A3-A729-7133688BA1C8}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{9B6526C6-F259-4D42-BEC6-AAC888175C89}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{3DAA96BC-4128-493A-A769-8D78F6A90128}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{F8CC4B92-A780-4042-B97F-21343F09CF79}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{A0D03C2D-CCC5-4403-B15D-A651506CCDB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{33750F64-5E74-4FF8-9386-C319835C59AD}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5BE129EC-5CED-4D1C-B225-6CFF9D327298}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48CA58B9-1F68-4014-BD57-F18C94164C9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE025C88-985E-4A93-8914-4D9122E1743F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{604F6F94-A468-4CCB-8BF6-3CD09C2B5989}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{285BACFA-0CCF-4CD4-A1D8-92834E4CB254}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{B3E30077-1939-4CBD-9C1B-C5807AA7B28E}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{DE882C51-FF7B-4F94-84EE-0081C2596963}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe
FirewallRules: [{2DB00C47-693A-4B4D-B6C1-A94E0C562BB8}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe
FirewallRules: [{DB8A7E77-21C2-4070-9140-42F88D477ECC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-08-2016 19:21:25 Windows Update
08-08-2016 16:08:39 Windows Update
08-08-2016 18:01:40 Windows Update
08-08-2016 21:09:57 Windows Update
09-08-2016 21:11:42 Windows Update
09-08-2016 22:10:56 Windows Update
13-08-2016 17:56:52 Windows Update
18-08-2016 19:01:57 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2016 06:39:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/16/2016 07:01:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avast Antivirus service depends on the aswMonFlt service which failed to start because of the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswRdr service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswSnx service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswSP service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! VM Monitor service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/09/2016 09:22:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..9.0218.01.225.3561.07%%859 = Writeable NCs prevent this DC from demoting.NT AUTHORITYSYSTEMS-1-5-181%%8001 = Writeable NCs prevent this DC from demoting.%%8031 = Writeable NCs prevent this DC from demoting..1.12902.00x80240016An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 2%%853 = Writeable NCs prevent this DC from demoting.http://www.microsoft.com


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 2939.98 MB
Available physical RAM: 1818.66 MB
Total Virtual: 5878.14 MB
Available Virtual: 4603.23 MB

==================== Drives ================================

Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:168.24 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

==================== End of Addition.txt ============================


#63
RKinner

    Malware Expert

Let's remove some Norton trash with a fixlist:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   1.73KB   37 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
 
Avast looks like it may have had a problem so download a new copy:
 
 
Click on Download then choose the free version.
 
 
Download, Save then uninstall Avast.  Reboot and install the new version by right clicking and run as admin.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
I see one driver that looks a bit odd:
 
Can you right click on C:\Windows\system32\drivers\appid.sys
and select properties then Details.  What version number does it show?
 
You may need to unhide it first:
 
 
Control Panel, (View By:  Large Icons)  Folder Options, View.
 
Uncheck Hide Extensions for Known File Types
Uncheck Hide Protected System Files
Check Show Hidden Files,Folders and Drives.
OK
 
 
Let's also submit it to virustotal:
 
 
Easiest way to submit a file is to copy the path:
 
C:\Windows\system32\drivers\appid.sys
Then
Go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with appid.sys chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 46+ different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 46+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.
 
 
 
 

#64
its_chele

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by MWG (21-08-2016 22:25:38) Run:1
Running from C:\Users\MWG\Desktop
Loaded Profiles: MWG (Available Profiles: Yvonne & Sandra Sue & MWG & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {7FCD5747-58F2-4395-B6F5-BAC6830F9AE3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {DB96A64B-1AC4-4338-B6F3-D0F599202F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
FirewallRules: [{285BACFA-0CCF-4CD4-A1D8-92834E4CB254}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{B3E30077-1939-4CBD-9C1B-C5807AA7B28E}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{DE882C51-FF7B-4F94-84EE-0081C2596963}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe
FirewallRules: [{2DB00C47-693A-4B4D-B6C1-A94E0C562BB8}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe









*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FCD5747-58F2-4395-B6F5-BAC6830F9AE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FCD5747-58F2-4395-B6F5-BAC6830F9AE3}" => key removed successfully
C:\windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB96A64B-1AC4-4338-B6F3-D0F599202F52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB96A64B-1AC4-4338-B6F3-D0F599202F52}" => key removed successfully
C:\windows\System32\Tasks\Norton Internet Security\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{285BACFA-0CCF-4CD4-A1D8-92834E4CB254} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3E30077-1939-4CBD-9C1B-C5807AA7B28E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE882C51-FF7B-4F94-84EE-0081C2596963} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DB00C47-693A-4B4D-B6C1-A94E0C562BB8} => value removed successfully

==== End of Fixlog 22:25:39 ====


#65
its_chele

appid.sys   version  6.1.7601.23455


#66
RKinner

See if turning off netbios helps:

 

https://marjanrepic....-windows-7-ent/

 

After you do the above, reboot and then run another Process Explorer log


#67
its_chele

Also, when I used virus total and copied appid.sys it said file not found


#68
its_chele

ok log after turning off netbios

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    32.86    22,580 K    39,532 K    1480    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    28.79    0 K    24 K    0            
svchost.exe    15.21    71,508 K    79,340 K    864    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
dwm.exe    6.17    40,328 K    20,856 K    1948    Desktop Window Manager    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
dllhost.exe    4.90    1,724 K    5,508 K    1732    COM Surrogate    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
Interrupts    3.09    0 K    0 K    n/a    Hardware Interrupts and DPCs        
svchost.exe    2.48    56,800 K    58,996 K    2640    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
explorer.exe    1.86    25,436 K    40,548 K    1984    Windows Explorer    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
csrss.exe    1.32    2,672 K    11,968 K    440    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.85    2,612 K    6,460 K    1416    NService Application    Nero AG    (Verified) Nero AG
svchost.exe    0.74    3,232 K    6,980 K    720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
System    0.59    184 K    1,408 K    4            
svchost.exe    0.38    3,676 K    8,764 K    652    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.24    3,776 K    10,676 K    532    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.15    19,680 K    12,952 K    2936    Microsoft Windows Search Indexer    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe    0.08    6,616 K    11,168 K    892    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe    0.06    27,388 K    36,356 K    916    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
taskhost.exe    0.04    3,536 K    8,264 K    1812    Host Process for Windows Tasks    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe    0.04    13,208 K    14,752 K    1076    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
lsm.exe    0.04    2,212 K    4,020 K    540    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.03    14,424 K    31,760 K    2864    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.02    8,884 K    13,564 K    1252    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
csrss.exe    0.02    1,980 K    6,376 K    388    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.01    6,232 K    14,732 K    1976    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
SearchProtocolHost.exe    0.01    2,600 K    7,480 K    716    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,372 K    4,576 K    1668    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        2,656 K    6,488 K    436    WMI Provider Host    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe        3,680 K    8,488 K    2616    WMI Provider Host    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
WLIDSVCM.EXE        1,020 K    3,232 K    380    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,532 K    6,872 K    496    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,316 K    4,284 K    428    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,248 K    4,768 K    1804    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskeng.exe        1,532 K    4,976 K    1216    Task Scheduler Engine    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        4,384 K    9,276 K    2716    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        2,008 K    5,476 K    2436    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        2,036 K    5,336 K    324    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        16,032 K    17,088 K    820    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        4,360 K    9,840 K    1440    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,656 K    5,312 K    1580    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
sppsvc.exe        2,360 K    8,244 K    1572    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,196 K    11,000 K    1208    Spooler SubSystem App    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
smss.exe        376 K    1,080 K    292    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        4,780 K    8,520 K    524    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1,532 K    4,736 K    2348    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,624 K    7,032 K    1800    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        3,252 K    8,060 K    1504    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,616 K    6,740 K    1336    MotoHelperAgent        (Verified) Motorola Mobility Inc.
igfxtray.exe        1,800 K    5,864 K    2520    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,176 K    7,860 K    2536    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,684 K    9,588 K    2528    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,708 K    5,368 K    2544    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        2,004 K    7,176 K    1360    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        15,840 K    16,088 K    1008    Windows Audio Device Graph Isolation     Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
 


#69
RKinner

There are three services we can live without.  Let's see if turning them off makes any difference:

 

Search for 

services.msc

hit Enter.

 

Find

 

AffinegyService and STOP the service.

Look at Process Explorer and see if either System Idle goes up or Interrupts goes down.

 

Repeat for:

MotoHelper
WinDefend

 

If no change

 

Uninstall Avast, reboot and make a new log.

 

If System Idle doesn't improve or Interrupts go down then reinstall.


#70
its_chele

Stopped the services, except Windows Defender didn't have that option; it only had the option to start.  Uninstalled Avast and here is the new log

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    33.78    22,536 K    38,288 K    2456    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    22.58    0 K    24 K    0            
firefox.exe    20.64    207,288 K    227,536 K    624    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
Interrupts    6.25    0 K    0 K    n/a    Hardware Interrupts and DPCs        
dwm.exe    5.91    42,480 K    23,100 K    544    Desktop Window Manager    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe    5.88    388,656 K    220,456 K    972    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
csrss.exe    2.52    2,084 K    12,628 K    440    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
System    1.91    184 K    1,564 K    4            
explorer.exe    0.24    25,260 K    38,048 K    1812    Windows Explorer    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
wmpnetwk.exe    0.10    14,496 K    31,844 K    1388    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    0.05    2,552 K    5,928 K    1368    NService Application    Nero AG    (Verified) Nero AG
SearchIndexer.exe    0.05    19,648 K    11,824 K    2876    Microsoft Windows Search Indexer    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe    0.02    13,592 K    14,384 K    1060    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe    0.02    6,560 K    10,604 K    936    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
SearchProtocolHost.exe    0.01    2,636 K    5,984 K    2996    Microsoft Windows Search Protocol Host    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe    0.01    9,128 K    12,660 K    1252    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
csrss.exe    < 0.01    2,068 K    6,276 K    392    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    < 0.01    4,912 K    9,716 K    1804    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
svchost.exe    < 0.01    56,628 K    64,132 K    3044    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
TODDSrv.exe    < 0.01    1,364 K    4,340 K    1660    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe        2,492 K    6,380 K    584    WMI Provider Host    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe        3,904 K    8,740 K    884    WMI Provider Host    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
WLIDSVCM.EXE        1,008 K    2,964 K    1892    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,528 K    6,324 K    496    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,304 K    4,084 K    432    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        3,940 K    9,208 K    3408    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,240 K    4,312 K    1696    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        8,160 K    9,172 K    1524    Host Process for Windows Tasks    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
taskhost.exe        5,660 K    11,504 K    3308    Host Process for Windows Tasks    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
taskeng.exe        1,484 K    4,760 K    1216    Task Scheduler Engine    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        3,628 K    8,064 K    652    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        88,784 K    97,840 K    888    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        3,204 K    6,636 K    720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        17,688 K    17,028 K    772    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        4,544 K    9,284 K    2036    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,644 K    4,980 K    1572    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        2,184 K    5,324 K    2788    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        1,876 K    4,912 K    364    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
svchost.exe        4,332 K    8,924 K    1416    Host Process for Windows Services    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
sppsvc.exe        2,276 K    8,172 K    848    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,164 K    9,200 K    1208    Spooler SubSystem App    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
smss.exe        656 K    1,152 K    292    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        5,284 K    8,060 K    532    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1,528 K    4,776 K    3484    Microsoft Windows Search Filter Host    Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
procexp.exe        2,616 K    7,020 K    2540    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        2,460 K    6,988 K    1476    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,608 K    6,408 K    2168    MotoHelperAgent        (Verified) Motorola Mobility Inc.
lsm.exe        2,184 K    3,832 K    548    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe        3,796 K    9,604 K    540    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
igfxtray.exe        1,796 K    5,632 K    2368    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,168 K    7,412 K    2384    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,616 K    9,052 K    2376    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,728 K    5,000 K    2392    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        2,008 K    6,768 K    1324    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        16,416 K    16,472 K    272    Windows Audio Device Graph Isolation     Microsoft Corporation    (No signature was present in the subject) Microsoft Corporation
 


  • 0



#71
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Better reinstall Avast.  Actually made things worse.

 

Try booting into the Safe Mode menu

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears)

and choosing Enable Low Resolution Video

 

Run Process Explorer in this mode and let's see if that has any effect.  Also run DPC (if it will run) - Do you still have red?

 

Return to normal mode

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:

  • List last 10 Event Viewer Errors
  • List Devices
 
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

  • 0

#72
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

Avast reinstalled

 

DPC run in Safe Mode had more red bars than regular mode: 9 side by side, then a space in between, and 2 more

 

New Log

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    36.93    0 K    24 K    0            
WmiPrvSE.exe    26.22    4,144 K    9,164 K    3536    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    14.56    22,968 K    40,152 K    3976    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
dwm.exe    5.26    36,016 K    19,900 K    2184    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    4.57    392,220 K    222,768 K    272    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    3.51    0 K    0 K    n/a    Hardware Interrupts and DPCs        
svchost.exe    2.20    92,900 K    101,556 K    956    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
NServiceEntry.exe    2.05    2,636 K    5,536 K    1580    NService Application    Nero AG    (Verified) Nero AG
csrss.exe    1.89    2,196 K    8,536 K    500    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
System    1.57    196 K    2,072 K    4            
lsass.exe    0.37    3,800 K    9,508 K    608    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.18    30,780 K    47,860 K    2216    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.14    3,664 K    8,060 K    720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    0.12    51,788 K    43,772 K    1244    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.10    7,240 K    10,580 K    1004    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
lsm.exe    0.07    2,244 K    3,856 K    616    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.06    16,136 K    15,132 K    848    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.06    5,120 K    7,940 K    592    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.04    4,528 K    9,308 K    3108    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.03    10,444 K    9,296 K    2960    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
csrss.exe    0.02    2,376 K    6,884 K    440    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    13,004 K    13,724 K    1092    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.01    20,688 K    14,980 K    3276    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVC.EXE    0.01    6,336 K    12,796 K    1936    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
SearchProtocolHost.exe    0.01    2,632 K    7,488 K    2180    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    9,496 K    12,548 K    1440    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,340 K    4,188 K    1776    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
wmpnetwk.exe        14,268 K    31,508 K    3024    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,632 K    6,420 K    228    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        996 K    2,880 K    1356    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,444 K    6,092 K    536    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,308 K    4,048 K    492    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,448 K    5,280 K    3460    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        3,764 K    9,260 K    2660    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,228 K    4,036 K    1816    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,472 K    7,672 K    1120    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,504 K    4,652 K    1404    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,308 K    6,744 K    796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,036 K    5,024 K    2284    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,364 K    8,820 K    1620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,212 K    5,068 K    792    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,712 K    4,952 K    1752    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
sppsvc.exe        2,288 K    8,164 K    932    Microsoft Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,540 K    9,020 K    1388    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        412 K    1,052 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1,520 K    4,728 K    3720    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,576 K    6,944 K    3800    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
MotoHelperService.exe        2,420 K    6,640 K    1660    MotoHelper Service        (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe        1,548 K    6,368 K    2420    MotoHelperAgent        (Verified) Motorola Mobility Inc.
igfxtray.exe        1,776 K    5,344 K    2672    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,144 K    7,220 K    2688    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,592 K    8,940 K    2680    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
cAudioFilterAgent64.exe        1,700 K    4,960 K    2716    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,956 K    6,364 K    1528    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        15,788 K    15,880 K    660    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
 


  • 0

#73
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

MiniToolBox by Farbar  Version: 17-06-2016
Ran by MWG (administrator) on 24-08-2016 at 19:56:46
Running from "C:\Users\MWG\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: Satellite C655 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2016 07:41:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005
Fault offset: 0x00169224
Faulting process id: 0x1348
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/24/2016 07:25:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.23455, time stamp: 0x573a54b7
Exception code: 0xc000000d
Fault offset: 0x00000000000689e2
Faulting process id: 0xa64
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/24/2016 07:25:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2016 09:14:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005
Fault offset: 0x00169224
Faulting process id: 0xe68
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/22/2016 08:46:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/24/2016 07:41:30 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637bcuengine.dll12.0.0.7757ab0828c000000500169224134801d1fe610931dad3C:\windows\SysWOW64\rundll32.exeC:\Program Files\AVAST Software\Avast\defs\16082400\bcuengine.dll4795afa9-6a54-11e6-91cc-00266c9da200

Error: (08/24/2016 07:25:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.23455573a54b7c000000d00000000000689e2a6401d1fe5dc7f8a704C:\windows\System32\svchost.exeC:\windows\SYSTEM32\ntdll.dll0354ce58-6a52-11e6-91cc-00266c9da200

Error: (08/24/2016 07:25:06 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll

Error: (08/22/2016 09:14:26 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637bcuengine.dll12.0.0.7757ab0828c000000500169224e6801d1fcdbafe129c3C:\windows\SysWOW64\rundll32.exeC:\Program Files\AVAST Software\Avast\defs\16082201\bcuengine.dllee538832-68ce-11e6-a2ef-00266c9da200

Error: (08/22/2016 08:46:37 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll


========================= Devices: ================================


**** End of log ****
 


  • 0

#74
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP

Not sure why but I don't see any Drivers in MiniToolBox.

 

Looks like your Avast didn't install correctly so you might want to try it again.

 

DPC may have gotten worse but Interrupts went down so there may be a problem with the video driver.  

 

If you stop the Windows Management Instrumentation service the PE log would be almost decent.


  • 0

#75
its_chele

its_chele

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts

OK, uninstalled and reinstalled Avast again LOL

Stopped Windows Management Instrumentation.

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
procexp64.exe    28.99    23,428 K    40,828 K    2748    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
System Idle Process    30.89    0 K    24 K    0            
WmiPrvSE.exe    17.23    5,112 K    9,504 K    3744    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
AvastSvc.exe    13.79    75,624 K    45,736 K    1248    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
dwm.exe    4.92    42,984 K    21,912 K    2072    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    5.45    0 K    0 K    n/a    Hardware Interrupts and DPCs        
svchost.exe    2.16    102,392 K    104,380 K    960    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
System    1.86    364 K    11,904 K    4            
csrss.exe    1.82    2,112 K    9,956 K    488    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.07    371,580 K    208,484 K    360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.13    25,096 K    31,792 K    2084    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe        5,720 K    11,228 K    596    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,764 K    7,564 K    712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        16,136 K    13,836 K    836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
AvastUI.exe    0.03    32,808 K    14,924 K    3060    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
svchost.exe    0.02    24,404 K    24,772 K    1172    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    7,044 K    10,272 K    1008    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.01    21,180 K    14,612 K    2096    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
TODDSrv.exe    < 0.01    1,336 K    3,896 K    1652    TDCSrv Application    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
wmpnetwk.exe        14,680 K    5,760 K    3840    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
WmiPrvSE.exe        2,604 K    6,292 K    1940    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
WLIDSVCM.EXE        988 K    2,720 K    1924    Microsoft® Windows Live ID Service Monitor    Microsoft Corp.    (Verified) Microsoft Corporation
WLIDSVC.EXE        4,900 K    7,996 K    1800    Microsoft® Windows Live ID Service    Microsoft Corp.    (Verified) Microsoft Corporation
winlogon.exe        2,456 K    5,584 K    524    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,308 K    3,728 K    480    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        1,448 K    5,324 K    3696    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
TrustedInstaller.exe        4,476 K    9,456 K    3652    Windows Modules Installer    Microsoft Corporation    (Verified) Microsoft Windows
TosCoSrv.exe        2,220 K    3,592 K    1684    TOSHIBA Power Saver    TOSHIBA Corporation    (Verified) TOSHIBA CORPORATION
taskhost.exe        3,652 K    7,540 K    2012    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        1,500 K    4,788 K    1344    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,328 K    6,548 K    788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,988 K    5,460 K    3364    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    9,344 K    8,752 K    1388    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,476 K    9,276 K    3540    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,696 K    4,680 K    1624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,028 K    4,508 K    2464    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,204 K    4,900 K    784    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,300 K    8,244 K    1520    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        6,164 K    7,728 K    1336    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        416 K    996 K    340    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
services.exe        4,692 K    6,704 K    580    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
procexp.exe        2,576 K    6,928 K    3240    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
lsm.exe        2,260 K    3,712 K    604    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
igfxtray.exe        1,772 K    4,896 K    2608    igfxTray Module    Intel Corporation    (Verified) Intel Corporation
igfxpers.exe        2,140 K    6,856 K    2624    persistence Module    Intel Corporation    (Verified) Intel Corporation
hkcmd.exe        2,580 K    8,368 K    2616    hkcmd Module    Intel Corporation    (Verified) Intel Corporation
firefox.exe        201,348 K    238,976 K    1004    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
csrss.exe    < 0.01    2,308 K    6,312 K    440    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
cAudioFilterAgent64.exe        1,672 K    4,832 K    2632    Conexant High Definition Audio Filter Agent    Conexant Systems, Inc.    (Verified) Conexant Systems
BelkinService.exe        1,972 K    5,624 K    1480    BelkinService    Affinegy, Inc.    (Verified) Affinegy
audiodg.exe        16,184 K    16,404 K    3288    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
 


  • 0





