Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer won't update

Started by its_chele , Jul 23 2016 04:10 PM

Malware Sluggish

Page 5 of 10
3
4
5
6
7

Please log in to reply

#61
its_chele

Posted 19 August 2016 - 08:34 AM

Member

Topic Starter
Member
91 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by MWG (administrator) on YVONNE-PC (19-08-2016 10:27:41)
Running from C:\Users\MWG\Desktop\FRST-OlderVersion
Loaded Profiles: MWG (Available Profiles: Yvonne & Sandra Sue & MWG & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-16] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-16] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-12-28]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{C1312CAC-2938-47EA-B713-1E6989FE294B}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D814DCA1-B254-42A2-A9A2-BEA05A16927C} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> DefaultScope {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
SearchScopes: HKU\S-1-5-21-3432716916-1219727339-2741707856-1004 -> {7543A88B-BF5F-4549-A07E-E2DC54848044} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-16] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-16] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-03] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-06-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-06-29] (Google Inc.)

FireFox:
========
FF ProfilePath: C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3432716916-1219727339-2741707856-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MWG\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
FF Extension: Self-Destructing Cookies - C:\Users\MWG\AppData\Roaming\Mozilla\Firefox\Profiles\7uxwle11.default\Extensions\[email protected] [2016-06-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-16]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-16]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Profile: C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-20]
CHR Extension: (Google Docs) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-20]
CHR Extension: (Google Drive) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-06-20]
CHR Extension: (YouTube) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-20]
CHR Extension: (Google Search) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-06-20]
CHR Extension: (Google Sheets) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-20]
CHR Extension: (Norton Identity Safe) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-20]
CHR Extension: (Gmail) - C:\Users\MWG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [566688 2011-02-24] (Affinegy, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-16] (AVAST Software)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969560 2016-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-16] (AVAST Software)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9A4A1EEE802BF2F878EE8EAB407B21B7
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 5F9389D9A2D5A2A7B03DC92914B43A88
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 1E90F0183CCAA7B3FC8FE169E73E50C9
C:\Windows\system32\drivers\aswKbd.sys D7847A66DB6C6406798C908D90E9AE59
C:\Windows\system32\drivers\aswMonFlt.sys 6125559B07114877853A229768F95BE6
C:\Windows\system32\drivers\aswRdr2.sys FEA71A461B2DCAB8C2B82528C7D20A1A
C:\Windows\System32\Drivers\aswRvrt.sys EC5095FB98E58DC25F45B926A4634AA4
C:\Windows\system32\drivers\aswSnx.sys 842E16A7ACB68E6230E45F709B72842F
C:\Windows\system32\drivers\aswSP.sys 16F45D8CA93560EFDE01611936513C4C
C:\Windows\system32\drivers\aswStm.sys FD63B57495A98B3529283313D2172BDB
C:\Windows\System32\Drivers\aswVmm.sys 30F52A22B6DE80DE0E7100BD3C0EE886
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys D6CAD7E5B05055BB8226BDCB1644DA27
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 3323F76352B0AF14B2CDC4DFBF3E980A
C:\Windows\System32\drivers\CHDRT64.sys 66D12B53E117EF951D5E1CED03B4CC1B
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys 616387BBD83372220B09DE95F4E67BBC
C:\Windows\system32\drivers\drmkaud.sys 26FE888505E5A945B0536AF9A2A27A6F
C:\Windows\System32\drivers\dxgkrnl.sys 3A9D7D464BDB3B70D7ECF689ADABBD4D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\System32\DRIVERS\FwLnk.sys 60ACB128E64C35C2B4E4AAB1B0A5C293
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys BBB3B6DF1ABB0FE35802EDE85CC1C011
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 898AB5BFED7040D7AB07AF01885EB944
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys CFBA6BCBBDC7E33813D92FFB3460FA07
C:\Windows\System32\Drivers\ksecpkg.sys CE66825289EE8326CB52C4E9E785ACB0
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 655A5D8E80869781CCE23760ADA7E695
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys B7FADA5E1E55BB63F90EB9F8F016113B
C:\Windows\System32\DRIVERS\mrxsmb10.sys 34AFF1849B3EC042C40C5EEC9D78562A
C:\Windows\System32\DRIVERS\mrxsmb20.sys 058CE7A55E140EB0C72FBA6FD2FA72DE
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys E47D571FEC2C76E867935109AB2A770C
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 907C4464381B5EBDFDC60F6C7D0DEDFC
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 16897B0322DD56621DF5978131130AF2
C:\Windows\System32\DRIVERS\srv2.sys 978423DEC32318FFBCD76D01232AC0FF
C:\Windows\System32\DRIVERS\srvnet.sys CB06B3D4659D744131E691B7B4CE6B2D
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys 470C47DABA9CA3966F0AB3F835D7D135
C:\Windows\System32\drivers\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\DRIVERS\tcpip.sys B2875D7ABB82867DC3AA03D991940201
C:\Windows\System32\drivers\tcpipreg.sys 7FE5586314EE7D6AA8483264A089E5AF
C:\Windows\System32\DRIVERS\tdcmdpst.sys FD542B661BD22FA69CA789AD0AC58C29
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 19BEDA57F3E0A06B8D5EB6D619BD5624
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\TVALZ_O.SYS ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\System32\DRIVERS\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\system32\drivers\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 10:25 - 2016-08-19 10:27 - 00000000 ____D C:\Users\MWG\Desktop\FRST-OlderVersion
2016-08-18 19:02 - 2016-08-18 19:07 - 00001436 _____ C:\Users\MWG\Desktop\dpclat - Shortcut.lnk
2016-08-18 19:01 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-08-18 19:01 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-08-18 19:01 - 2016-07-07 11:36 - 01896168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2016-08-18 19:01 - 2016-07-07 11:36 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2016-08-18 19:01 - 2016-07-07 11:36 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2016-08-18 19:01 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys
2016-08-18 19:01 - 2016-07-01 11:31 - 00976896 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2016-08-18 19:01 - 2016-07-01 11:31 - 00084480 _____ (Microsoft Corporation) C:\windows\system32\INETRES.dll
2016-08-18 19:01 - 2016-07-01 11:13 - 00741888 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2016-08-18 19:01 - 2016-07-01 11:13 - 00084480 _____ (Microsoft Corporation) C:\windows\SysWOW64\INETRES.dll
2016-08-18 19:01 - 2016-07-01 10:56 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-08-18 19:01 - 2016-07-01 10:56 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-08-18 19:01 - 2016-07-01 10:56 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-08-18 18:58 - 2016-08-18 18:58 - 00306928 _____ (Thesycon GmbH) C:\Users\MWG\Downloads\dpclat.exe
2016-08-16 21:35 - 2016-08-16 21:35 - 00391496 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2016-08-16 21:35 - 2016-08-16 21:35 - 00053208 _____ (AVAST Software) C:\windows\avastSS.scr
2016-08-16 20:08 - 2016-08-18 19:25 - 00005937 _____ C:\Users\MWG\Desktop\procexp64.exe.txt
2016-08-16 20:02 - 2016-08-16 20:03 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\MWG\Downloads\procexp.exe
2016-08-16 20:00 - 2016-08-16 20:00 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\MWG\Desktop\procexp.exe
2016-08-14 18:59 - 2016-08-14 18:59 - 00000000 ____D C:\Users\MWG\AppData\Local\CEF
2016-08-14 18:53 - 2016-08-16 21:37 - 00003892 _____ C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1471215182
2016-08-14 18:53 - 2016-08-14 18:53 - 00001054 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-08-14 18:53 - 2016-08-14 18:53 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-14 18:52 - 2016-08-16 21:35 - 00037144 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2016-08-14 18:39 - 2016-08-14 18:39 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-08-14 18:39 - 2016-08-14 18:39 - 00000000 ____D C:\Users\MWG\AppData\Roaming\AVAST Software
2016-08-14 18:39 - 2016-08-14 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-08-14 18:38 - 2016-08-16 21:35 - 00969560 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00513496 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00292704 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00163416 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00108816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00103064 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00074544 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00037656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2016-08-14 18:38 - 2016-08-16 21:35 - 00003922 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-08-14 18:38 - 2016-08-14 18:38 - 00000000 ____D C:\windows\System32\Tasks\AVAST Software
2016-08-14 18:35 - 2016-08-14 18:52 - 00000000 ____D C:\Program Files\AVAST Software
2016-08-14 18:30 - 2016-08-14 18:30 - 00401577 _____ C:\unp305373392032433453.mdmp
2016-08-14 18:19 - 2016-08-14 18:52 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-14 18:06 - 2016-08-14 18:07 - 06319040 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2016-08-14 18:06 - 2016-08-14 18:07 - 06319040 _____ (AVAST Software) C:\Users\MWG\Downloads\avast_free_antivirus_setup_online.exe
2016-08-11 23:08 - 2016-08-11 23:08 - 00000000 ____D C:\Users\MWG\AppData\Roaming\WinBatch
2016-08-11 23:07 - 2016-08-11 23:12 - 35596648 _____ C:\Users\MWG\Downloads\tc50070300c.exe
2016-08-11 23:06 - 2016-08-11 23:12 - 50903632 _____ C:\Users\MWG\Downloads\tc50066400n.exe
2016-08-11 23:05 - 2016-08-11 23:05 - 04807544 _____ C:\Users\MWG\Downloads\tc50066600g.exe
2016-08-11 21:58 - 2016-08-11 22:00 - 05179639 _____ C:\Users\MWG\Downloads\TC00190600I.exe.part
2016-08-11 07:46 - 2016-08-11 07:46 - 00000000 ____D C:\windows\pss
2016-08-09 22:10 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-08-09 22:10 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-08-09 22:10 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-08-09 22:10 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-08-09 22:10 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-08-09 22:10 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-08-09 22:10 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-08-09 22:10 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-08-09 22:10 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-08-09 22:10 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-08-09 22:10 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-08-09 22:10 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-08-09 22:10 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-08-09 22:10 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-08-09 22:10 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-08-09 22:10 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-08-09 22:10 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-08-09 22:10 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-08-09 22:10 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-08-09 22:10 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-08-09 22:10 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-08-09 22:10 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-08-09 22:10 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-09 22:10 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-08-09 22:10 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-08-09 22:10 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-08-09 22:10 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-08-09 22:10 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-08-09 22:10 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-08-09 22:10 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-08-09 22:10 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-08-09 22:10 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-08-09 22:10 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-08-09 22:10 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-08-09 22:10 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-08-09 22:10 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-08-09 22:10 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-08-09 22:10 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-08-09 22:10 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-08-09 22:10 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-08-09 22:10 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-08-09 22:10 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-08-09 22:10 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-08-09 22:10 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-08-09 22:10 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-09 22:10 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-08-09 22:10 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-08-09 22:10 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-08-09 22:10 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-08-09 22:10 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-08-09 22:10 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-08-09 22:10 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-08-09 22:10 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-08-09 22:10 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-08-09 22:10 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-08-09 22:10 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-08-09 22:10 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-08-09 22:10 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-08-09 22:10 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-08-09 22:10 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-08-09 22:10 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-08-09 22:10 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-08-09 22:10 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-08-09 21:11 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-08-09 21:09 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-08-09 21:09 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-08-09 21:09 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-08-09 21:09 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-08-09 21:09 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-08-09 21:09 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-08-09 21:09 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-08-09 21:09 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-08-09 21:09 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-08-09 21:09 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-08-09 21:09 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-08-09 21:09 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-08-09 21:09 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-08-09 21:09 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-08-09 21:08 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-08-09 21:08 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 01483264 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-08-08 21:09 - 2016-06-06 12:50 - 00141824 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 01176064 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-08-08 21:09 - 2016-06-06 11:23 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-08-08 21:09 - 2016-05-16 19:22 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-08-08 21:09 - 2016-05-16 19:19 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-08-08 21:09 - 2016-05-16 19:19 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-08-08 21:09 - 2016-05-16 19:18 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-08-08 21:09 - 2016-05-16 19:18 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-08-08 21:09 - 2016-05-16 19:17 - 01732888 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-08-08 21:09 - 2016-05-16 19:16 - 01314136 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 19:14 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:23 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-08-08 21:09 - 2016-05-16 17:23 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-08-08 21:09 - 2016-05-16 17:23 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-08-08 21:09 - 2016-05-16 17:19 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-08-08 21:09 - 2016-05-16 17:19 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-08-08 21:09 - 2016-05-16 17:14 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-08-08 21:09 - 2016-05-16 17:10 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-08-08 21:09 - 2016-05-16 17:10 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-08-08 21:09 - 2016-05-16 17:10 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-08-08 21:09 - 2016-05-16 17:10 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-08-08 21:09 - 2016-05-16 17:09 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:09 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:09 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-08 21:09 - 2016-05-16 17:09 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-08 21:09 - 2016-05-13 18:09 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-08-08 21:09 - 2016-05-13 18:09 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-08-08 21:09 - 2016-05-13 18:09 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-08-08 21:09 - 2016-05-13 18:07 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-08-08 21:09 - 2016-05-13 17:55 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-08-08 21:09 - 2016-05-13 17:53 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-08-08 21:09 - 2016-05-13 17:53 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-08-08 21:09 - 2016-05-13 17:52 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-08-08 21:09 - 2016-05-13 17:52 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-08-08 21:09 - 2016-05-13 17:52 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-08-08 21:09 - 2016-05-13 17:52 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-08-08 21:09 - 2016-05-13 17:50 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-08-08 21:09 - 2016-05-13 17:38 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-08-08 21:09 - 2016-05-13 17:38 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-08-08 21:09 - 2016-05-13 17:38 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-08-08 21:09 - 2016-05-13 17:38 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-08-08 21:09 - 2016-05-12 13:14 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-08-08 21:09 - 2016-05-12 13:14 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-08-08 21:09 - 2016-05-12 11:18 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-08-08 21:09 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\windows\SysWOW64\olepro32.dll
2016-08-08 21:09 - 2016-05-12 11:18 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-08-08 21:09 - 2016-05-04 13:21 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-08-08 21:09 - 2016-05-04 13:17 - 03244032 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-08-08 21:09 - 2016-05-04 13:17 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-08-08 21:09 - 2016-05-04 13:16 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-08-08 21:09 - 2016-05-04 13:16 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-08-08 21:09 - 2016-05-04 11:04 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-08-08 21:09 - 2016-05-04 10:55 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-08-08 21:02 - 2015-12-16 14:55 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\nlsbres.dll
2016-08-08 21:02 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\kbdgeoqw.dll
2016-08-08 21:02 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZEL.DLL
2016-08-08 21:02 - 2015-12-16 14:53 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDAZE.DLL
2016-08-08 21:02 - 2015-12-16 14:48 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZE.DLL
2016-08-08 21:02 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdgeoqw.dll
2016-08-08 21:02 - 2015-12-16 14:48 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDAZEL.DLL
2016-08-08 21:02 - 2015-12-16 14:47 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlsbres.dll
2016-08-08 21:02 - 2015-12-16 10:38 - 00419928 _____ C:\windows\SysWOW64\locale.nls
2016-08-08 21:02 - 2015-12-16 10:37 - 00419928 _____ C:\windows\system32\locale.nls
2016-08-08 18:59 - 2016-08-14 18:13 - 00001945 _____ C:\windows\epplauncher.mif
2016-08-08 18:00 - 2015-08-05 13:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2016-08-08 18:00 - 2015-08-05 13:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-08-07 12:33 - 2016-08-07 12:33 - 00000000 ____D C:\Users\MWG\AppData\Local\Windows Live
2016-08-05 20:11 - 2016-08-07 20:43 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Yahoo Messenger
2016-08-05 20:11 - 2016-08-05 20:11 - 00002324 _____ C:\Users\MWG\Desktop\Yahoo Messenger.lnk
2016-08-05 20:11 - 2016-08-05 20:11 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Inc
2016-08-05 20:11 - 2016-08-05 20:11 - 00000000 ____D C:\Users\MWG\AppData\Local\yahoomessenger
2016-08-05 20:09 - 2016-08-05 20:11 - 00000000 ____D C:\Users\MWG\AppData\Local\SquirrelTemp
2016-08-05 19:59 - 2016-08-05 20:01 - 45516304 _____ (Yahoo! Inc) C:\Users\MWG\Downloads\yahoo-messenger-0.8.109-win32.exe
2016-08-05 19:52 - 2016-08-05 19:52 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Yahoo!
2016-08-03 05:40 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 05:40 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-03 05:09 - 2016-06-25 20:35 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-08-03 05:09 - 2016-06-25 20:27 - 01208320 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-08-03 05:09 - 2016-06-22 09:06 - 00268800 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 01490432 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00294912 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00219136 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-08-03 05:09 - 2016-06-17 14:24 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-08-03 05:09 - 2016-03-23 18:40 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-08-03 05:09 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-08-03 05:09 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-08-03 05:09 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-08-03 05:09 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-08-03 05:09 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-08-03 05:09 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-08-03 05:09 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-08-03 05:09 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-08-03 05:09 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-08-03 05:07 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-08-03 05:07 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-08-03 05:07 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-08-03 05:07 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-08-03 05:07 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-08-03 05:07 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-08-03 05:07 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2016-08-03 05:07 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2016-08-03 05:07 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2016-08-03 05:07 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2016-08-03 05:06 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-08-03 05:06 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-08-03 05:06 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-08-03 05:06 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2016-08-03 05:06 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2016-08-03 04:47 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2016-08-03 04:47 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2016-08-01 19:04 - 2016-08-01 19:05 - 00000000 ____D C:\0c64389ccba9a62a97ec0cbbe6
2016-08-01 00:40 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2016-08-01 00:40 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2016-08-01 00:40 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2016-08-01 00:40 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2016-08-01 00:40 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2016-08-01 00:40 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2016-08-01 00:40 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2016-08-01 00:40 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2016-08-01 00:40 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2016-08-01 00:39 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-08-01 00:39 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-08-01 00:37 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-08-01 00:37 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-08-01 00:37 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-08-01 00:37 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-08-01 00:37 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-08-01 00:37 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-08-01 00:37 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-08-01 00:37 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2016-08-01 00:37 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2016-08-01 00:37 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2016-08-01 00:37 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2016-08-01 00:37 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2016-08-01 00:37 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-08-01 00:37 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-08-01 00:37 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-08-01 00:37 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-08-01 00:36 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-08-01 00:36 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-08-01 00:36 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-08-01 00:36 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-08-01 00:36 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-08-01 00:36 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-08-01 00:36 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-08-01 00:36 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-08-01 00:36 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-08-01 00:36 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-08-01 00:36 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2016-08-01 00:36 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2016-08-01 00:36 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2016-08-01 00:36 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2016-08-01 00:36 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-08-01 00:36 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-08-01 00:21 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-08-01 00:20 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-08-01 00:20 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-08-01 00:20 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-08-01 00:20 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-08-01 00:20 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-08-01 00:19 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-08-01 00:19 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-08-01 00:19 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-08-01 00:19 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-08-01 00:19 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-08-01 00:19 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-08-01 00:19 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-08-01 00:19 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-08-01 00:19 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-08-01 00:19 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-08-01 00:19 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-08-01 00:19 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-08-01 00:19 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-08-01 00:19 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2016-08-01 00:19 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-08-01 00:19 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-08-01 00:19 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2016-08-01 00:19 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-08-01 00:19 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-08-01 00:19 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-08-01 00:19 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-08-01 00:19 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2016-08-01 00:19 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2016-08-01 00:18 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-08-01 00:18 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-08-01 00:18 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-08-01 00:18 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-08-01 00:18 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-08-01 00:18 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-08-01 00:18 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-08-01 00:18 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-08-01 00:18 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-08-01 00:18 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-08-01 00:18 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-08-01 00:18 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-08-01 00:18 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-08-01 00:18 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-08-01 00:18 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-08-01 00:18 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-08-01 00:18 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-08-01 00:18 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-08-01 00:18 - 2015-09-14 17:40 - 00634432 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-08-01 00:18 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-08-01 00:18 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-08-01 00:18 - 2015-06-03 16:17 - 00546656 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-08-01 00:17 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-08-01 00:17 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-08-01 00:17 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-08-01 00:17 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-08-01 00:17 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-08-01 00:17 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2016-08-01 00:17 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-08-01 00:17 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2016-08-01 00:17 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-08-01 00:17 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-08-01 00:17 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-08-01 00:17 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-08-01 00:17 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-08-01 00:17 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2016-08-01 00:17 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2016-08-01 00:17 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-08-01 00:17 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-08-01 00:17 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-08-01 00:17 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-08-01 00:17 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-08-01 00:17 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-08-01 00:17 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-08-01 00:17 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-08-01 00:17 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2016-08-01 00:17 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2016-08-01 00:17 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2016-08-01 00:17 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2016-08-01 00:17 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2016-08-01 00:17 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2016-08-01 00:16 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-08-01 00:16 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-08-01 00:16 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-08-01 00:16 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-08-01 00:16 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-08-01 00:16 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-08-01 00:16 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-08-01 00:16 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-08-01 00:16 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-08-01 00:16 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-08-01 00:16 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-08-01 00:16 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-08-01 00:16 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-08-01 00:16 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-08-01 00:16 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-08-01 00:16 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-08-01 00:16 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-08-01 00:16 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-08-01 00:16 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-08-01 00:16 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-08-01 00:16 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-08-01 00:16 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-08-01 00:16 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-08-01 00:16 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-08-01 00:16 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-08-01 00:16 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-08-01 00:16 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-08-01 00:16 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-08-01 00:16 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-08-01 00:16 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-08-01 00:16 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-08-01 00:16 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-08-01 00:16 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-08-01 00:16 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-08-01 00:16 - 2015-10-29 13:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2016-08-01 00:16 - 2015-10-29 13:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2016-08-01 00:16 - 2015-10-29 13:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2016-08-01 00:16 - 2015-10-29 13:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2016-08-01 00:16 - 2015-10-29 13:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2016-08-01 00:16 - 2015-10-29 13:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2016-08-01 00:16 - 2015-10-29 13:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2016-08-01 00:16 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2016-08-01 00:16 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2016-08-01 00:16 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2016-08-01 00:16 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2016-08-01 00:16 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2016-08-01 00:16 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-08-01 00:16 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-08-01 00:16 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2016-08-01 00:15 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-08-01 00:15 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-08-01 00:15 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-08-01 00:15 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-08-01 00:15 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-08-01 00:15 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-08-01 00:15 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-08-01 00:15 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-08-01 00:15 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-08-01 00:15 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-08-01 00:15 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-08-01 00:15 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-08-01 00:15 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-08-01 00:15 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-08-01 00:15 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-08-01 00:15 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-08-01 00:15 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2016-08-01 00:15 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2016-08-01 00:15 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2016-08-01 00:15 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2016-08-01 00:15 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2016-07-28 08:58 - 2016-07-28 08:59 - 00000000 ____D C:\19fb4b25171339d25ed1
2016-07-27 08:58 - 2016-07-27 08:58 - 00000000 ____D C:\windows\CheckSur
2016-07-25 23:01 - 2016-07-25 23:01 - 00000000 ____D C:\8ac1431f9109642a775ccf
2016-07-25 21:23 - 2016-07-25 21:24 - 00000000 ____D C:\d5fa0e1fb5fdab213d4c741b3f34
2016-07-25 19:53 - 2016-07-25 19:54 - 00000000 ____D C:\86a309109a7a65ff00f9d177e8232b
2016-07-25 19:15 - 2016-07-25 19:51 - 564744309 _____ C:\Users\MWG\Desktop\Windows6.1-KB947821-v34-x64.msu
2016-07-24 21:06 - 2016-07-24 22:21 - 00006077 _____ C:\junk.txt
2016-07-24 15:07 - 2016-07-24 15:09 - 00000467 _____ C:\VEW.txt
2016-07-24 15:04 - 2016-07-24 15:04 - 00061440 _____ ( ) C:\Users\MWG\Desktop\VEW.exe
2016-07-24 14:24 - 2016-07-24 14:24 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Sun
2016-07-24 14:24 - 2016-07-24 14:24 - 00000000 ____D C:\Users\MWG\AppData\LocalLow\Sun
2016-07-24 14:24 - 2016-07-24 14:24 - 00000000 ____D C:\Users\MWG\.oracle_jre_usage
2016-07-24 14:23 - 2016-07-24 14:23 - 00110144 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2016-07-24 14:23 - 2016-07-24 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-24 14:22 - 2016-07-24 14:22 - 00000000 ____D C:\ProgramData\Oracle
2016-07-24 14:21 - 2016-07-24 14:21 - 00000000 ____D C:\Program Files\Java
2016-07-24 14:12 - 2016-07-24 14:20 - 62041152 _____ (Oracle Corporation) C:\Users\MWG\Downloads\jre-8u101-windows-x64.exe
2016-07-24 14:06 - 2016-07-24 14:07 - 00739904 _____ (Oracle Corporation) C:\Users\MWG\Downloads\jxpiinstall(1).exe
2016-07-24 14:06 - 2016-07-24 14:06 - 00000000 ____D C:\Users\MWG\AppData\LocalLow\Oracle
2016-07-24 14:04 - 2016-07-24 14:04 - 00003120 _____ C:\windows\System32\Tasks\{EBDE9B33-258F-4BCC-BC6D-63DDEBD65416}
2016-07-24 14:01 - 2016-07-24 14:01 - 00739904 _____ (Oracle Corporation) C:\Users\MWG\Downloads\jxpiinstall.exe
2016-07-24 13:56 - 2016-07-24 13:56 - 00894960 _____ C:\Users\MWG\Downloads\Norton_Removal_Tool(1).exe
2016-07-23 17:37 - 2016-08-19 10:27 - 00000000 ____D C:\FRST
2016-07-23 17:36 - 2016-08-19 10:25 - 02265088 _____ C:\Users\MWG\Desktop\FRST64.exe
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieUserList
2016-07-23 17:18 - 2016-07-23 17:18 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieBrowserModeList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieUserList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieSiteList
2016-07-23 17:17 - 2016-07-23 17:17 - 00000000 __SHD C:\Users\MWG\AppData\Local\EmieBrowserModeList
2016-07-23 17:11 - 2016-07-23 17:12 - 00894960 _____ C:\Users\MWG\Downloads\Norton_Removal_Tool.exe
2016-07-23 17:04 - 2016-07-23 17:04 - 00776920 _____ (Symantec Corporation) C:\Users\MWG\Downloads\SymNRT.exe
2016-07-22 22:44 - 2016-08-03 21:14 - 00000000 ____D C:\Users\MWG\Documents\My Received Files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 10:27 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-19 10:27 - 2009-07-14 00:45 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-19 10:19 - 2010-10-15 13:41 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 10:18 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-18 22:41 - 2012-04-21 07:59 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-08-18 22:33 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-08-18 22:31 - 2010-10-15 13:41 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 18:32 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-15 18:32 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-08-15 03:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-08-14 19:29 - 2016-06-21 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-14 18:38 - 2016-06-29 21:45 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-11 23:19 - 2010-12-28 13:20 - 00014342 _____ C:\windows\system32\results.xml
2016-08-11 22:01 - 2016-06-20 21:26 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Toshiba
2016-08-09 21:54 - 2009-07-14 00:45 - 00267672 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-09 21:38 - 2013-09-12 15:17 - 00000000 ____D C:\windows\system32\MRT
2016-08-09 21:21 - 2011-06-05 09:30 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-08-09 20:58 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
2016-08-08 20:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-08-08 17:40 - 2015-01-24 12:48 - 00000000 ___SD C:\windows\system32\CompatTel
2016-08-08 17:40 - 2015-01-24 12:48 - 00000000 ____D C:\windows\system32\appraiser
2016-08-07 00:20 - 2013-04-27 12:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-07 00:20 - 2013-04-27 12:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-06 17:00 - 2013-04-27 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-05 23:30 - 2016-07-01 23:29 - 00000000 ____D C:\Users\MWG\AppData\Roaming\Paltalk
2016-08-05 05:52 - 2015-01-26 13:44 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 05:52 - 2015-01-26 13:44 - 00002113 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 13:46 - 2014-07-27 13:05 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism
2016-08-03 07:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-07-28 21:26 - 2010-10-15 13:41 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 21:26 - 2010-10-15 13:41 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-26 14:24 - 2011-06-04 01:35 - 00504488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-07-24 14:24 - 2016-06-20 21:12 - 00000000 ____D C:\Users\MWG
2016-07-24 13:54 - 2010-10-15 13:37 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-07-24 13:54 - 2010-10-15 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2016-07-23 17:18 - 2016-06-20 21:47 - 00000000 __SHD C:\Users\MWG\AppData\LocalLow\EmieSiteList
2016-07-23 17:16 - 2010-12-28 13:36 - 00000000 ____D C:\ProgramData\Norton
2016-07-23 16:34 - 2016-06-29 21:45 - 00000000 ____D C:\windows\System32\Tasks\Remediation

Files to move or delete:
====================
C:\Users\Yvonne\flashplayer11_b2_install_win_ax32_080811.exe

Some files in TEMP:
====================
C:\Users\MWG\AppData\Local\Temp\exe1C3C.tmp.exe
C:\Users\MWG\AppData\Local\Temp\{A815631B-F05A-420E-914B-F8D932E168F2}-51.0.2704.103_chrome_installer.exe
C:\Users\Yvonne\AppData\Local\Temp\4F79.exe
C:\Users\Yvonne\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-15 03:14

==================== End of FRST.txt ============================

#62
its_chele

Posted 19 August 2016 - 08:39 AM

Member

Topic Starter
Member
91 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by MWG (19-08-2016 10:29:43)
Running from C:\Users\MWG\Desktop\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-27 08:53:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3432716916-1219727339-2741707856-500 - Administrator - Disabled)
Guest (S-1-5-21-3432716916-1219727339-2741707856-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-3432716916-1219727339-2741707856-1002 - Limited - Enabled)
MWG (S-1-5-21-3432716916-1219727339-2741707856-1004 - Administrator - Enabled) => C:\Users\MWG
Sandra Sue (S-1-5-21-3432716916-1219727339-2741707856-1003 - Limited - Enabled) => C:\Users\Sandra Sue
Yvonne (S-1-5-21-3432716916-1219727339-2741707856-1000 - Administrator - Enabled) => C:\Users\Yvonne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.3.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.4 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2279 - AVAST Software)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.128.0.66 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.53 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.53 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM-x32\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.2091.0 - Motorola)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paltalk Messenger 11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.646.17836 - AVM Software Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo Messenger (HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\...\yahoomessenger) (Version: 0.8.109 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038E4B8A-B55A-4760-9B4E-796249AE0781} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {1A9EF062-2483-4C12-A73A-0EAE2670A11F} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {21776848-0AA7-40A0-BB55-322DC2F3BD22} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-14] (AVAST Software)
Task: {235401CF-5FBF-45D1-B036-9296F2703D5C} - System32\Tasks\SafeZone scheduled Autoupdate 1471215182 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {38A2DC8E-B50D-4E52-9664-1831FDBECBFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-16] (AVAST Software)
Task: {7558A3EF-A712-4F4B-ABF3-35E46EF22C8F} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {7FCD5747-58F2-4395-B6F5-BAC6830F9AE3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {864F6376-14FC-47B2-91C1-58B00409497B} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {BB4B46A9-D667-463E-944C-D2D13A238C06} - System32\Tasks\{EBDE9B33-258F-4BCC-BC6D-63DDEBD65416} => pcalua.exe -a C:\Users\MWG\Downloads\jxpiinstall.exe -d C:\Users\MWG\Downloads
Task: {C005D3A0-ABEE-44D2-8D69-C9D9EE5618A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {D3F145A7-D242-406B-99A1-E9B96BFDA1CF} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {D915A784-DDD7-422C-8C2C-0C0AAC59421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-20] (Google Inc.)
Task: {DB96A64B-1AC4-4338-B6F3-D0F599202F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-08-10 15:35 - 2011-08-10 15:35 - 00227184 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-08-08 18:11 - 2011-08-08 18:11 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2016-08-16 21:35 - 2016-08-16 21:35 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-18 19:08 - 2016-08-18 19:08 - 03015680 _____ () C:\Program Files\AVAST Software\Avast\defs\16081802\algo.dll
2016-08-16 21:35 - 2016-08-16 21:35 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00128336 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2011-07-07 16:10 - 2011-07-07 16:10 - 00023872 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2011-07-07 16:12 - 2011-07-07 16:12 - 00465632 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00045368 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2011-07-07 16:11 - 2011-07-07 16:11 - 00034128 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2016-08-14 18:38 - 2016-08-14 18:38 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3432716916-1219727339-2741707856-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\MWG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^MWG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: Yahoo Messenger Updater => C:\Users\MWG\AppData\Local\yahoomessenger\app-0.8.109\resources\app.asar.unpacked\native\win32\YMUpdater.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB20C4E5-739F-4FEF-9849-D5923D807933}] => (Allow) LPort=2869
FirewallRules: [{A17F1F14-DA92-474F-8B09-17ADE5CE7063}] => (Allow) LPort=1900
FirewallRules: [{67E9151E-F6F6-42A5-9CE2-3343EF13571B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CD72228C-F03E-42DE-9EAF-CDA168AB6CE0}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{762A0E22-3559-40A3-A729-7133688BA1C8}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{9B6526C6-F259-4D42-BEC6-AAC888175C89}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{3DAA96BC-4128-493A-A769-8D78F6A90128}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{F8CC4B92-A780-4042-B97F-21343F09CF79}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{A0D03C2D-CCC5-4403-B15D-A651506CCDB2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{33750F64-5E74-4FF8-9386-C319835C59AD}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5BE129EC-5CED-4D1C-B225-6CFF9D327298}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48CA58B9-1F68-4014-BD57-F18C94164C9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE025C88-985E-4A93-8914-4D9122E1743F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{604F6F94-A468-4CCB-8BF6-3CD09C2B5989}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{285BACFA-0CCF-4CD4-A1D8-92834E4CB254}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{B3E30077-1939-4CBD-9C1B-C5807AA7B28E}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{DE882C51-FF7B-4F94-84EE-0081C2596963}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe
FirewallRules: [{2DB00C47-693A-4B4D-B6C1-A94E0C562BB8}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe
FirewallRules: [{DB8A7E77-21C2-4070-9140-42F88D477ECC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-08-2016 19:21:25 Windows Update
08-08-2016 16:08:39 Windows Update
08-08-2016 18:01:40 Windows Update
08-08-2016 21:09:57 Windows Update
09-08-2016 21:11:42 Windows Update
09-08-2016 22:10:56 Windows Update
13-08-2016 17:56:52 Windows Update
18-08-2016 19:01:57 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2016 06:39:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (08/16/2016 07:01:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avast Antivirus service depends on the aswMonFlt service which failed to start because of the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswRdr service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswSnx service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswSP service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/14/2016 06:30:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! VM Monitor service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/09/2016 09:22:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %%8604 = Writeable NCs prevent this DC from demoting..9.0218.01.225.3561.07%%859 = Writeable NCs prevent this DC from demoting.NT AUTHORITYSYSTEMS-1-5-181%%8001 = Writeable NCs prevent this DC from demoting.%%8031 = Writeable NCs prevent this DC from demoting..1.12902.00x80240016An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 2%%853 = Writeable NCs prevent this DC from demoting.http://www.microsoft.com

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 38%
Total physical RAM: 2939.98 MB
Available physical RAM: 1818.66 MB
Total Virtual: 5878.14 MB
Available Virtual: 4603.23 MB

==================== Drives ================================

Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:168.24 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

==================== End of Addition.txt ============================

#63
RKinner

Posted 19 August 2016 - 11:47 AM

Malware Expert

Expert
24,731 posts

Let's remove some Norton trash with a fixlist:

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix

A fix log will be generated please post that

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Avast looks like it may have had a problem so download a new copy:

http://www.avast.com/index

Click on Download then choose the free version.

Download, Save then uninstall Avast. Reboot and install the new version by right clicking and run as admin.

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

I see one driver that looks a bit odd:

Can you right click on C:\Windows\system32\drivers\appid.sys

and select properties then Details. What version number does it show?

You may need to unhide it first:

Control Panel, (View By: Large Icons) Folder Options, View.

Uncheck Hide Extensions for Known File Types

Uncheck Hide Protected System Files

Check Show Hidden Files,Folders and Drives.

Let's also sunmit it to virustotal:

Easiest way to submit a file is to copy the path:

C:\Windows\system32\drivers\appid.sys

Then

Go to virustotal.com with your browser. Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear. Hit Open and it should return to the main page with appid.sys chosen. Click on Scan it. If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis. In that case click on View Last Analysis. If it doesn't know the file it will take a minute to query 46+ different anti-virus companies. In either case, If the Detection ratio: is not 0 / 46+ then copy the Analysis page and paste it into the forum. You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.

#64
its_chele

Posted 21 August 2016 - 08:26 PM

Member

Topic Starter
Member
91 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by MWG (21-08-2016 22:25:38) Run:1
Running from C:\Users\MWG\Desktop
Loaded Profiles: MWG (Available Profiles: Yvonne & Sandra Sue & MWG & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {7FCD5747-58F2-4395-B6F5-BAC6830F9AE3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
Task: {DB96A64B-1AC4-4338-B6F3-D0F599202F52} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe
FirewallRules: [{285BACFA-0CCF-4CD4-A1D8-92834E4CB254}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{B3E30077-1939-4CBD-9C1B-C5807AA7B28E}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS389D.tmp\SymNRT.exe
FirewallRules: [{DE882C51-FF7B-4F94-84EE-0081C2596963}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe
FirewallRules: [{2DB00C47-693A-4B4D-B6C1-A94E0C562BB8}] => (Allow) C:\Users\MWG\AppData\Local\Temp\7zS6E9A.tmp\SymNRT.exe

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FCD5747-58F2-4395-B6F5-BAC6830F9AE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FCD5747-58F2-4395-B6F5-BAC6830F9AE3}" => key removed successfully
C:\windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB96A64B-1AC4-4338-B6F3-D0F599202F52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB96A64B-1AC4-4338-B6F3-D0F599202F52}" => key removed successfully
C:\windows\System32\Tasks\Norton Internet Security\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{285BACFA-0CCF-4CD4-A1D8-92834E4CB254} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B3E30077-1939-4CBD-9C1B-C5807AA7B28E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE882C51-FF7B-4F94-84EE-0081C2596963} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2DB00C47-693A-4B4D-B6C1-A94E0C562BB8} => value removed successfully

==== End of Fixlog 22:25:39 ====

#65
its_chele

Posted 21 August 2016 - 08:42 PM

Member

Topic Starter
Member
91 posts

appid.sys version 6.1.7601.23455

#66
RKinner

Posted 21 August 2016 - 09:44 PM

Malware Expert

Expert
24,731 posts

See if turning off netbios helps:

https://marjanrepic....-windows-7-ent/

After you do the above, reboot and then run another Process Explorer log

#67
its_chele

Posted 22 August 2016 - 06:17 PM

Member

Topic Starter
Member
91 posts

Also, when I used virus total and copied appid.sys it said file not found

#68
its_chele

Posted 22 August 2016 - 06:28 PM

Member

Topic Starter
Member
91 posts

ok log after turning of netbios

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
procexp64.exe   32.86   22,580 K   39,532 K   1480   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
System Idle Process   28.79   0 K   24 K   0
svchost.exe   15.21   71,508 K   79,340 K   864   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
dwm.exe   6.17   40,328 K   20,856 K   1948   Desktop Window Manager   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
dllhost.exe   4.90   1,724 K   5,508 K   1732   COM Surrogate   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
Interrupts   3.09   0 K   0 K   n/a   Hardware Interrupts and DPCs
svchost.exe   2.48   56,800 K   58,996 K   2640   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
explorer.exe   1.86   25,436 K   40,548 K   1984   Windows Explorer   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
csrss.exe   1.32   2,672 K   11,968 K   440   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
NServiceEntry.exe   0.85   2,612 K   6,460 K   1416   NService Application   Nero AG   (Verified) Nero AG
svchost.exe   0.74   3,232 K   6,980 K   720   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
System   0.59   184 K   1,408 K   4
svchost.exe   0.38   3,676 K   8,764 K   652   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
lsass.exe   0.24   3,776 K   10,676 K   532   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows
SearchIndexer.exe   0.15   19,680 K   12,952 K   2936   Microsoft Windows Search Indexer   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   0.08   6,616 K   11,168 K   892   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   0.06   27,388 K   36,356 K   916   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
taskhost.exe   0.04   3,536 K   8,264 K   1812   Host Process for Windows Tasks   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   0.04   13,208 K   14,752 K   1076   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
lsm.exe   0.04   2,212 K   4,020 K   540   Local Session Manager Service   Microsoft Corporation   (Verified) Microsoft Windows
wmpnetwk.exe   0.03   14,424 K   31,760 K   2864   Windows Media Player Network Sharing Service   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.02   8,884 K   13,564 K   1252   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
csrss.exe   0.02   1,980 K   6,376 K   388   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
WLIDSVC.EXE   0.01   6,232 K   14,732 K   1976   Microsoft® Windows Live ID Service   Microsoft Corp.   (Verified) Microsoft Corporation
SearchProtocolHost.exe   0.01   2,600 K   7,480 K   716   Microsoft Windows Search Protocol Host   Microsoft Corporation   (Verified) Microsoft Windows
TODDSrv.exe   < 0.01   1,372 K   4,576 K   1668   TDCSrv Application   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe       2,656 K   6,488 K   436   WMI Provider Host   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe       3,680 K   8,488 K   2616   WMI Provider Host   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
WLIDSVCM.EXE       1,020 K   3,232 K   380   Microsoft® Windows Live ID Service Monitor   Microsoft Corp.   (Verified) Microsoft Corporation
winlogon.exe       2,532 K   6,872 K   496   Windows Logon Application   Microsoft Corporation   (Verified) Microsoft Windows
wininit.exe       1,316 K   4,284 K   428   Windows Start-Up Application   Microsoft Corporation   (Verified) Microsoft Windows
TosCoSrv.exe       2,248 K   4,768 K   1804   TOSHIBA Power Saver   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
taskeng.exe       1,532 K   4,976 K   1216   Task Scheduler Engine   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       4,384 K   9,276 K   2716   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       2,008 K   5,476 K   2436   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       2,036 K   5,336 K   324   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       16,032 K   17,088 K   820   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       4,360 K   9,840 K   1440   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       1,656 K   5,312 K   1580   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
sppsvc.exe       2,360 K   8,244 K   1572   Microsoft Software Protection Platform Service   Microsoft Corporation   (Verified) Microsoft Windows
spoolsv.exe       6,196 K   11,000 K   1208   Spooler SubSystem App   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
smss.exe       376 K   1,080 K   292   Windows Session Manager   Microsoft Corporation   (Verified) Microsoft Windows
services.exe       4,780 K   8,520 K   524   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows
SearchFilterHost.exe       1,532 K   4,736 K   2348   Microsoft Windows Search Filter Host   Microsoft Corporation   (Verified) Microsoft Windows
procexp.exe       2,624 K   7,032 K   1800   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
MotoHelperService.exe       3,252 K   8,060 K   1504   MotoHelper Service       (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe       1,616 K   6,740 K   1336   MotoHelperAgent       (Verified) Motorola Mobility Inc.
igfxtray.exe       1,800 K   5,864 K   2520   igfxTray Module   Intel Corporation   (Verified) Intel Corporation
igfxpers.exe       2,176 K   7,860 K   2536   persistence Module   Intel Corporation   (Verified) Intel Corporation
hkcmd.exe       2,684 K   9,588 K   2528   hkcmd Module   Intel Corporation   (Verified) Intel Corporation
cAudioFilterAgent64.exe       1,708 K   5,368 K   2544   Conexant High Definition Audio Filter Agent   Conexant Systems, Inc.   (Verified) Conexant Systems
BelkinService.exe       2,004 K   7,176 K   1360   BelkinService   Affinegy, Inc.   (Verified) Affinegy
audiodg.exe       15,840 K   16,088 K   1008   Windows Audio Device Graph Isolation    Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation

#69
RKinner

Posted 22 August 2016 - 09:52 PM

Malware Expert

Expert
24,731 posts

There are three services we can live without. Let's see if turning them off makes any difference:

Search for

services.msc

hit Enter.

Find

AffinegyService and STOP the service.

Look at Process Explorer and see if either System Idle goes up or Interrupts goes down.

Repeat for:

MotoHelper
WinDefend

If no change

Uninstall Avast, reboot and make a new log.

If System Idle doesn't improve or Interrupts go down then reinstall.

#70
its_chele

Posted 23 August 2016 - 07:03 PM

Member

Topic Starter
Member
91 posts

Stopped the services except windows defender didn't have that option, it only had option to start. uninstalled avast and here is new log

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
procexp64.exe   33.78   22,536 K   38,288 K   2456   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
System Idle Process   22.58   0 K   24 K   0
firefox.exe   20.64   207,288 K   227,536 K   624   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
Interrupts   6.25   0 K   0 K   n/a   Hardware Interrupts and DPCs
dwm.exe   5.91   42,480 K   23,100 K   544   Desktop Window Manager   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   5.88   388,656 K   220,456 K   972   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
csrss.exe   2.52   2,084 K   12,628 K   440   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
System   1.91   184 K   1,564 K   4
explorer.exe   0.24   25,260 K   38,048 K   1812   Windows Explorer   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
wmpnetwk.exe   0.10   14,496 K   31,844 K   1388   Windows Media Player Network Sharing Service   Microsoft Corporation   (Verified) Microsoft Windows
NServiceEntry.exe   0.05   2,552 K   5,928 K   1368   NService Application   Nero AG   (Verified) Nero AG
SearchIndexer.exe   0.05   19,648 K   11,824 K   2876   Microsoft Windows Search Indexer   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   0.02   13,592 K   14,384 K   1060   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   0.02   6,560 K   10,604 K   936   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
SearchProtocolHost.exe   0.01   2,636 K   5,984 K   2996   Microsoft Windows Search Protocol Host   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   0.01   9,128 K   12,660 K   1252   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
csrss.exe   < 0.01   2,068 K   6,276 K   392   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
WLIDSVC.EXE   < 0.01   4,912 K   9,716 K   1804   Microsoft® Windows Live ID Service   Microsoft Corp.   (Verified) Microsoft Corporation
svchost.exe   < 0.01   56,628 K   64,132 K   3044   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
TODDSrv.exe   < 0.01   1,364 K   4,340 K   1660   TDCSrv Application   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
WmiPrvSE.exe       2,492 K   6,380 K   584   WMI Provider Host   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
WmiPrvSE.exe       3,904 K   8,740 K   884   WMI Provider Host   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
WLIDSVCM.EXE       1,008 K   2,964 K   1892   Microsoft® Windows Live ID Service Monitor   Microsoft Corp.   (Verified) Microsoft Corporation
winlogon.exe       2,528 K   6,324 K   496   Windows Logon Application   Microsoft Corporation   (Verified) Microsoft Windows
wininit.exe       1,304 K   4,084 K   432   Windows Start-Up Application   Microsoft Corporation   (Verified) Microsoft Windows
TrustedInstaller.exe       3,940 K   9,208 K   3408   Windows Modules Installer   Microsoft Corporation   (Verified) Microsoft Windows
TosCoSrv.exe       2,240 K   4,312 K   1696   TOSHIBA Power Saver   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
taskhost.exe       8,160 K   9,172 K   1524   Host Process for Windows Tasks   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
taskhost.exe       5,660 K   11,504 K   3308   Host Process for Windows Tasks   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
taskeng.exe       1,484 K   4,760 K   1216   Task Scheduler Engine   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       3,628 K   8,064 K   652   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       88,784 K   97,840 K   888   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       3,204 K   6,636 K   720   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       17,688 K   17,028 K   772   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       4,544 K   9,284 K   2036   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       1,644 K   4,980 K   1572   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       2,184 K   5,324 K   2788   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       1,876 K   4,912 K   364   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe       4,332 K   8,924 K   1416   Host Process for Windows Services   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
sppsvc.exe       2,276 K   8,172 K   848   Microsoft Software Protection Platform Service   Microsoft Corporation   (Verified) Microsoft Windows
spoolsv.exe       6,164 K   9,200 K   1208   Spooler SubSystem App   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
smss.exe       656 K   1,152 K   292   Windows Session Manager   Microsoft Corporation   (Verified) Microsoft Windows
services.exe       5,284 K   8,060 K   532   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows
SearchFilterHost.exe       1,528 K   4,776 K   3484   Microsoft Windows Search Filter Host   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
procexp.exe       2,616 K   7,020 K   2540   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
MotoHelperService.exe       2,460 K   6,988 K   1476   MotoHelper Service       (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe       1,608 K   6,408 K   2168   MotoHelperAgent       (Verified) Motorola Mobility Inc.
lsm.exe       2,184 K   3,832 K   548   Local Session Manager Service   Microsoft Corporation   (Verified) Microsoft Windows
lsass.exe       3,796 K   9,604 K   540   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows
igfxtray.exe       1,796 K   5,632 K   2368   igfxTray Module   Intel Corporation   (Verified) Intel Corporation
igfxpers.exe       2,168 K   7,412 K   2384   persistence Module   Intel Corporation   (Verified) Intel Corporation
hkcmd.exe       2,616 K   9,052 K   2376   hkcmd Module   Intel Corporation   (Verified) Intel Corporation
cAudioFilterAgent64.exe       1,728 K   5,000 K   2392   Conexant High Definition Audio Filter Agent   Conexant Systems, Inc.   (Verified) Conexant Systems
BelkinService.exe       2,008 K   6,768 K   1324   BelkinService   Affinegy, Inc.   (Verified) Affinegy
audiodg.exe       16,416 K   16,472 K   272   Windows Audio Device Graph Isolation    Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation

#71
RKinner

Posted 23 August 2016 - 11:05 PM

Malware Expert

Expert
24,731 posts

Better reinstall Avast. Actually made things worse.

Try booting into the Safe Mdoe menu

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly. Keep tapping until the Safe Mode Menu appears)

and choosing Enable Low Resolution Video

Run Process Explorer in this mode and let's see if that has any effect. Also run DPC (if it will run) - Do you still have red?

Return to normal mode

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

[list]

[*]List last 10 Event Viewer Errors

[*]List Devices

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

#72
its_chele

Posted 24 August 2016 - 05:55 PM

Member

Topic Starter
Member
91 posts

Avast reinstalled

DPC runned in safemode had more red bars than regular mode had 9 side by by side then space in between and 2 more

New Log

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   36.93   0 K   24 K   0
WmiPrvSE.exe   26.22   4,144 K   9,164 K   3536   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
procexp64.exe   14.56   22,968 K   40,152 K   3976   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
dwm.exe   5.26   36,016 K   19,900 K   2184   Desktop Window Manager   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   4.57   392,220 K   222,768 K   272   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
Interrupts   3.51   0 K   0 K   n/a   Hardware Interrupts and DPCs
svchost.exe   2.20   92,900 K   101,556 K   956   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
NServiceEntry.exe   2.05   2,636 K   5,536 K   1580   NService Application   Nero AG   (Verified) Nero AG
csrss.exe   1.89   2,196 K   8,536 K   500   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
System   1.57   196 K   2,072 K   4
lsass.exe   0.37   3,800 K   9,508 K   608   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows
explorer.exe   0.18   30,780 K   47,860 K   2216   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.14   3,664 K   8,060 K   720   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
AvastSvc.exe   0.12   51,788 K   43,772 K   1244   avast! Service   AVAST Software   (Verified) AVAST Software a.s.
svchost.exe   0.10   7,240 K   10,580 K   1004   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
lsm.exe   0.07   2,244 K   3,856 K   616   Local Session Manager Service   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.06   16,136 K   15,132 K   848   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
services.exe   0.06   5,120 K   7,940 K   592   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.04   4,528 K   9,308 K   3108   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
AvastUI.exe   0.03   10,444 K   9,296 K   2960   avast! Antivirus   AVAST Software   (Verified) AVAST Software a.s.
csrss.exe   0.02   2,376 K   6,884 K   440   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   13,004 K   13,724 K   1092   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
SearchIndexer.exe   0.01   20,688 K   14,980 K   3276   Microsoft Windows Search Indexer   Microsoft Corporation   (Verified) Microsoft Windows
WLIDSVC.EXE   0.01   6,336 K   12,796 K   1936   Microsoft® Windows Live ID Service   Microsoft Corp.   (Verified) Microsoft Corporation
SearchProtocolHost.exe   0.01   2,632 K   7,488 K   2180   Microsoft Windows Search Protocol Host   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   < 0.01   9,496 K   12,548 K   1440   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
TODDSrv.exe   < 0.01   1,340 K   4,188 K   1776   TDCSrv Application   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
wmpnetwk.exe       14,268 K   31,508 K   3024   Windows Media Player Network Sharing Service   Microsoft Corporation   (Verified) Microsoft Windows
WmiPrvSE.exe       2,632 K   6,420 K   228   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
WLIDSVCM.EXE       996 K   2,880 K   1356   Microsoft® Windows Live ID Service Monitor   Microsoft Corp.   (Verified) Microsoft Corporation
winlogon.exe       2,444 K   6,092 K   536   Windows Logon Application   Microsoft Corporation   (Verified) Microsoft Windows
wininit.exe       1,308 K   4,048 K   492   Windows Start-Up Application   Microsoft Corporation   (Verified) Microsoft Windows
unsecapp.exe       1,448 K   5,280 K   3460   Sink to receive asynchronous callbacks for WMI client application   Microsoft Corporation   (Verified) Microsoft Windows
TrustedInstaller.exe       3,764 K   9,260 K   2660   Windows Modules Installer   Microsoft Corporation   (Verified) Microsoft Windows
TosCoSrv.exe       2,228 K   4,036 K   1816   TOSHIBA Power Saver   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
taskhost.exe       3,472 K   7,672 K   1120   Host Process for Windows Tasks   Microsoft Corporation   (Verified) Microsoft Windows
taskeng.exe       1,504 K   4,652 K   1404   Task Scheduler Engine   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       3,308 K   6,744 K   796   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       2,036 K   5,024 K   2284   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       4,364 K   8,820 K   1620   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       2,212 K   5,068 K   792   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       1,712 K   4,952 K   1752   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
sppsvc.exe       2,288 K   8,164 K   932   Microsoft Software Protection Platform Service   Microsoft Corporation   (Verified) Microsoft Windows
spoolsv.exe       6,540 K   9,020 K   1388   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows
smss.exe       412 K   1,052 K   340   Windows Session Manager   Microsoft Corporation   (Verified) Microsoft Windows
SearchFilterHost.exe       1,520 K   4,728 K   3720   Microsoft Windows Search Filter Host   Microsoft Corporation   (Verified) Microsoft Windows
procexp.exe       2,576 K   6,944 K   3800   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
MotoHelperService.exe       2,420 K   6,640 K   1660   MotoHelper Service       (Verified) Motorola Mobility Inc.
MotoHelperAgent.exe       1,548 K   6,368 K   2420   MotoHelperAgent       (Verified) Motorola Mobility Inc.
igfxtray.exe       1,776 K   5,344 K   2672   igfxTray Module   Intel Corporation   (Verified) Intel Corporation
igfxpers.exe       2,144 K   7,220 K   2688   persistence Module   Intel Corporation   (Verified) Intel Corporation
hkcmd.exe       2,592 K   8,940 K   2680   hkcmd Module   Intel Corporation   (Verified) Intel Corporation
cAudioFilterAgent64.exe       1,700 K   4,960 K   2716   Conexant High Definition Audio Filter Agent   Conexant Systems, Inc.   (Verified) Conexant Systems
BelkinService.exe       1,956 K   6,364 K   1528   BelkinService   Affinegy, Inc.   (Verified) Affinegy
audiodg.exe       15,788 K   15,880 K   660   Windows Audio Device Graph Isolation    Microsoft Corporation   (Verified) Microsoft Windows

#73
its_chele

Posted 24 August 2016 - 05:57 PM

Member

Topic Starter
Member
91 posts

MiniToolBox by Farbar Version: 17-06-2016
Ran by MWG (administrator) on 24-08-2016 at 19:56:46
Running from "C:\Users\MWG\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: Satellite C655 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/24/2016 07:41:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005
Fault offset: 0x00169224
Faulting process id: 0x1348
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/24/2016 07:25:16 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.23455, time stamp: 0x573a54b7
Exception code: 0xc000000d
Fault offset: 0x00000000000689e2
Faulting process id: 0xa64
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (08/24/2016 07:25:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/22/2016 09:14:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: bcuengine.dll, version: 12.0.0.77, time stamp: 0x57ab0828
Exception code: 0xc0000005
Fault offset: 0x00169224
Faulting process id: 0xe68
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (08/22/2016 08:46:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/24/2016 07:41:30 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637bcuengine.dll12.0.0.7757ab0828c000000500169224134801d1fe610931dad3C:\windows\SysWOW64\rundll32.exeC:\Program Files\AVAST Software\Avast\defs\16082400\bcuengine.dll4795afa9-6a54-11e6-91cc-00266c9da200

Error: (08/24/2016 07:25:16 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.23455573a54b7c000000d00000000000689e2a6401d1fe5dc7f8a704C:\windows\System32\svchost.exeC:\windows\SYSTEM32\ntdll.dll0354ce58-6a52-11e6-91cc-00266c9da200

Error: (08/24/2016 07:25:06 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll

Error: (08/22/2016 09:14:26 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637bcuengine.dll12.0.0.7757ab0828c000000500169224e6801d1fcdbafe129c3C:\windows\SysWOW64\rundll32.exeC:\Program Files\AVAST Software\Avast\defs\16082201\bcuengine.dllee538832-68ce-11e6-a2ef-00266c9da200

Error: (08/22/2016 08:46:37 PM) (Source: SideBySide)(User: )
Description: Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll

========================= Devices: ================================

**** End of log ****

#74
RKinner

Posted 24 August 2016 - 11:10 PM

Malware Expert

Expert
24,731 posts

Not sure why but I don't see any Drivers in Minitolbox.

Looks like your Avast didn't install correctly so you might want to try it again.

DPC may have gotten worse but Interrupts went down so there may be a problem with the video driver.

If you stop the Windows Management Instrumentation service the PE log would be almost decent.

#75
its_chele

Posted 25 August 2016 - 06:36 PM

Member

Topic Starter
Member
91 posts

Ok uninstalled and reinstalled avast again LOL

Stopped Windows Management Instrumentation.

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
procexp64.exe   28.99   23,428 K   40,828 K   2748   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
System Idle Process   30.89   0 K   24 K   0
WmiPrvSE.exe   17.23   5,112 K   9,504 K   3744   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
AvastSvc.exe   13.79   75,624 K   45,736 K   1248   avast! Service   AVAST Software   (Verified) AVAST Software a.s.
dwm.exe   4.92   42,984 K   21,912 K   2072   Desktop Window Manager   Microsoft Corporation   (Verified) Microsoft Windows
Interrupts   5.45   0 K   0 K   n/a   Hardware Interrupts and DPCs
svchost.exe   2.16   102,392 K   104,380 K   960   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
System   1.86   364 K   11,904 K   4
csrss.exe   1.82   2,112 K   9,956 K   488   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.07   371,580 K   208,484 K   360   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
explorer.exe   0.13   25,096 K   31,792 K   2084   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows
lsass.exe       5,720 K   11,228 K   596   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       3,764 K   7,564 K   712   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       16,136 K   13,836 K   836   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
AvastUI.exe   0.03   32,808 K   14,924 K   3060   avast! Antivirus   AVAST Software   (Verified) AVAST Software a.s.
svchost.exe   0.02   24,404 K   24,772 K   1172   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   7,044 K   10,272 K   1008   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
SearchIndexer.exe   0.01   21,180 K   14,612 K   2096   Microsoft Windows Search Indexer   Microsoft Corporation   (Verified) Microsoft Windows
TODDSrv.exe   < 0.01   1,336 K   3,896 K   1652   TDCSrv Application   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
wmpnetwk.exe       14,680 K   5,760 K   3840   Windows Media Player Network Sharing Service   Microsoft Corporation   (Verified) Microsoft Windows
WmiPrvSE.exe       2,604 K   6,292 K   1940   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
WLIDSVCM.EXE       988 K   2,720 K   1924   Microsoft® Windows Live ID Service Monitor   Microsoft Corp.   (Verified) Microsoft Corporation
WLIDSVC.EXE       4,900 K   7,996 K   1800   Microsoft® Windows Live ID Service   Microsoft Corp.   (Verified) Microsoft Corporation
winlogon.exe       2,456 K   5,584 K   524   Windows Logon Application   Microsoft Corporation   (Verified) Microsoft Windows
wininit.exe       1,308 K   3,728 K   480   Windows Start-Up Application   Microsoft Corporation   (Verified) Microsoft Windows
unsecapp.exe       1,448 K   5,324 K   3696   Sink to receive asynchronous callbacks for WMI client application   Microsoft Corporation   (Verified) Microsoft Windows
TrustedInstaller.exe       4,476 K   9,456 K   3652   Windows Modules Installer   Microsoft Corporation   (Verified) Microsoft Windows
TosCoSrv.exe       2,220 K   3,592 K   1684   TOSHIBA Power Saver   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
taskhost.exe       3,652 K   7,540 K   2012   Host Process for Windows Tasks   Microsoft Corporation   (Verified) Microsoft Windows
taskeng.exe       1,500 K   4,788 K   1344   Task Scheduler Engine   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       3,328 K   6,548 K   788   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       1,988 K   5,460 K   3364   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   < 0.01   9,344 K   8,752 K   1388   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       4,476 K   9,276 K   3540   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       1,696 K   4,680 K   1624   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       2,028 K   4,508 K   2464   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       2,204 K   4,900 K   784   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       4,300 K   8,244 K   1520   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
spoolsv.exe       6,164 K   7,728 K   1336   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows
smss.exe       416 K   996 K   340   Windows Session Manager   Microsoft Corporation   (Verified) Microsoft Windows
services.exe       4,692 K   6,704 K   580   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows
procexp.exe       2,576 K   6,928 K   3240   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
lsm.exe       2,260 K   3,712 K   604   Local Session Manager Service   Microsoft Corporation   (Verified) Microsoft Windows
igfxtray.exe       1,772 K   4,896 K   2608   igfxTray Module   Intel Corporation   (Verified) Intel Corporation
igfxpers.exe       2,140 K   6,856 K   2624   persistence Module   Intel Corporation   (Verified) Intel Corporation
hkcmd.exe       2,580 K   8,368 K   2616   hkcmd Module   Intel Corporation   (Verified) Intel Corporation
firefox.exe       201,348 K   238,976 K   1004   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
csrss.exe   < 0.01   2,308 K   6,312 K   440   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
cAudioFilterAgent64.exe       1,672 K   4,832 K   2632   Conexant High Definition Audio Filter Agent   Conexant Systems, Inc.   (Verified) Conexant Systems
BelkinService.exe       1,972 K   5,624 K   1480   BelkinService   Affinegy, Inc.   (Verified) Affinegy
audiodg.exe       16,184 K   16,404 K   3288   Windows Audio Device Graph Isolation    Microsoft Corporation   (Verified) Microsoft Windows

Page 5 of 10
3
4
5
6
7

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: Malware, Sluggish

Hardware → Smartphones and Tablets → Samsung personal smartphones - hacking Started by Cremebrulee54 , 26 Jan 2025 malware, hacking	0 replies 2,448 views	Cremebrulee54 26 Jan 2025
Security → Virus, Spyware, Malware Removal → personal laptop showing unauthorized activity [Solved] Started by Cremebrulee54 , 21 Jan 2025 Malware, Spy 1 2	Hot 29 replies 5,902 views	DR M 15 Feb 2025
Security → Virus, Spyware, Malware Removal → Lingering Windows Script Host errors [Closed] Started by LegionXIX , 21 Aug 2024 malware, wscript	3 replies 3,683 views	DR M 25 Aug 2024
Security → Virus, Spyware, Malware Removal → Possible Malware infection - help request [Solved] Started by Maffu , 07 May 2023 malware, advapi and 1 more... 1 2 3 4	Hot 51 replies 17,407 views	DR M 26 Jun 2023
Security → Virus, Spyware, Malware Removal → Help getting started checking laptop for malware [Solved] Started by triedeverything , 12 Apr 2023 help, malware, spyware 1 2	Hot 19 replies 9,985 views	DR M 16 Apr 2023