I'm hacked system files gone rogue and many more nasty things


  • This topic is locked
31 replies to this topic

#1 IWantMyInternetBack

Posted 03 April 2016 - 06:58 PM

Hey, I was referred here from "Am I infected? What do I do?". I'm getting redirected/filtered search results on any browser, denied access to suspicious files, and AV skips most files in scans. Downloads even get hijacked, or maybe they get infected once downloaded? Also, it manipulates files, relocates them, and uses any method to get online, like using Bluetooth or remote access and reinstalling drivers to do so. It also screws with certificates and connections to websites.

I'm on Win7 with BullGuard AV.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Guy Fawkes (administrator) on GUYFAWKES-PC (04-04-2016 09:50:53)
Running from C:\Users\Guy Fawkes\Desktop
Loaded Profiles: Guy Fawkes (Available Profiles: Guy Fawkes)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4559944 2016-01-25] (UltimateOutsider)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-18] (Dell Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3256969152-94519139-2226236424-1000\...\Run: [HijackThis startup scan] => C:\Users\Guy Fawkes\Desktop\Tools\HijackThis.exe /startupscan
HKU\S-1-5-21-3256969152-94519139-2226236424-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-12] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E684CE24-9CC6-471C-B698-30F474C9EBF0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Extension: NoScript - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-03-26]
FF Extension: OneTab - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\Extensions\extension@one-tab.com.xpi [2016-03-17]
FF Extension: Firebug - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\Extensions\firebug@software.joehewitt.com.xpi [2016-03-28]
FF Extension: Ghostery - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\Extensions\firefox@ghostery.com.xpi [2016-03-26]
FF Extension: Location Guard - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\Extensions\jid1-HdwPLukcGQeOSh@jetpack.xpi [2016-03-18]
FF Extension: BehindTheOverlay - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\Extensions\jid1-Y3WfE7td45aWDw@jetpack.xpi [2016-03-15]
FF Extension: uMatrix - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\Extensions\uMatrix@raymondhill.net.xpi [2016-03-28]
FF Extension: Adblock Plus - C:\Users\Guy Fawkes\AppData\Roaming\Mozilla\Firefox\Profiles\k9u514l2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-14]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [not signed]
FF HKU\S-1-5-21-3256969152-94519139-2226236424-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Guy Fawkes\AppData\Local\XDM\xdmff => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [463912 2010-08-18] (Ericsson AB)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
_____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-03-10 03:42 - 
2016-03-10 03:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-03-10 03:42 - 2016-03-10 03:42 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-03-10 03:03 - 2016-03-10 03:06 - 00000000 ____D C:\Windows\system32\MRT 2016-03-10 03:02 - 2016-03-10 03:03 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-03-09 15:44 - 2015-11-20 00:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2016-03-09 15:44 - 2015-11-20 00:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2016-03-09 15:44 - 2015-11-20 00:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2016-03-09 15:44 - 2015-11-20 00:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-03-09 15:43 - 2016-02-13 04:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-03-09 15:43 - 2016-02-13 04:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-03-09 15:43 - 2016-02-13 04:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-03-09 15:43 - 2016-02-13 04:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2016-03-09 15:43 - 2016-02-13 04:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-03-09 15:43 - 2016-02-13 04:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-03-09 15:43 - 2016-02-13 04:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-03-09 15:43 - 2016-02-13 04:18 - 
00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-03-09 15:43 - 2016-02-13 04:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-03-09 15:43 - 2016-02-13 04:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-03-09 15:43 - 2016-02-13 04:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-03-09 15:43 - 2016-02-13 04:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-03-09 15:43 - 2016-02-13 04:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-03-09 15:43 - 2016-02-13 04:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-03-09 15:43 - 2016-02-13 04:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-03-09 15:43 - 2016-02-13 04:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-03-09 15:43 - 2016-02-12 04:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-03-09 15:43 - 2016-02-12 04:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-03-09 15:43 - 2016-02-12 04:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-03-09 15:43 - 2016-02-12 04:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-03-09 15:43 - 2016-02-12 04:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-03-09 15:43 - 2016-02-12 04:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-03-09 15:43 - 2016-02-12 04:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-03-09 15:43 - 2016-02-12 04:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-03-09 15:43 - 2016-02-12 04:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-03-09 15:43 - 2016-02-12 04:48 - 01214464 _____ (Microsoft 
Corporation) C:\Windows\system32\rpcrt4.dll 2016-03-09 15:43 - 2016-02-12 04:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-03-09 15:43 - 2016-02-12 04:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-03-09 15:43 - 2016-02-12 04:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-03-09 15:43 - 2016-02-12 04:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-03-09 15:43 - 2016-02-12 04:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-03-09 15:43 - 2016-02-12 04:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-03-09 15:43 - 2016-02-12 04:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-03-09 15:43 - 2016-02-12 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-03-09 15:43 - 2016-02-12 04:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-03-09 15:43 - 2016-02-12 04:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-03-09 15:43 - 2016-02-12 04:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-03-09 15:43 - 2016-02-12 04:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-03-09 15:43 - 2016-02-12 04:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-03-09 15:43 - 2016-02-12 04:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-03-09 15:43 - 2016-02-12 04:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-03-09 15:43 - 2016-02-12 04:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-03-09 15:43 - 2016-02-12 04:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-03-09 15:43 - 2016-02-12 04:38 - 00275456 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\KernelBase.dll 2016-03-09 15:43 - 2016-02-12 04:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-03-09 15:43 - 2016-02-12 04:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-03-09 15:43 - 2016-02-12 04:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-03-09 15:43 - 2016-02-12 04:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-03-09 15:43 - 2016-02-12 04:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-03-09 15:43 - 2016-02-12 04:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-03-09 15:43 - 2016-02-12 04:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-03-09 15:43 - 2016-02-12 04:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-03-09 15:43 - 2016-02-12 03:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-03-09 15:43 - 2016-02-12 03:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-03-09 15:43 - 2016-02-12 03:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-03-09 15:43 - 2016-02-12 03:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-03-09 15:43 - 2016-02-12 03:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-03-09 15:43 - 2016-02-12 03:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-03-09 15:43 - 2016-02-12 03:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-03-09 15:43 - 2016-02-05 03:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-03-09 15:43 - 2016-02-04 04:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-03-09 15:43 - 2016-02-04 04:52 - 00084992 _____ (Microsoft Corporation) 
C:\Windows\system32\asycfilt.dll 2016-03-09 15:43 - 2016-02-04 04:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-03-09 15:43 - 2016-02-04 04:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-03-09 15:43 - 2016-02-04 04:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS 2016-03-09 15:43 - 2016-01-12 05:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2016-03-09 15:43 - 2015-11-20 00:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00012640 _____ (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00016224 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2016-03-09 15:43 - 2015-11-20 00:06 - 00011616 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2016-03-09 15:43 - 2015-04-18 13:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-03-09 15:43 - 2015-04-18 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-03-09 15:43 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2016-03-09 15:43 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2016-03-09 15:43 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2016-03-09 15:43 - 2014-07-09 12:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2016-03-09 15:43 - 2014-07-09 12:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2016-03-09 15:43 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2016-03-09 15:43 - 2014-07-09 11:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2016-03-09 15:43 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2016-03-09 15:43 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2016-03-09 15:43 - 2014-07-09 11:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2016-03-09 15:42 - 2016-02-12 04:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-03-09 15:42 - 2016-02-12 04:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-03-09 15:42 - 2016-02-12 04:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-03-09 15:42 - 2016-02-12 04:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-03-09 15:42 - 2016-02-12 04:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-03-09 15:42 - 2016-02-12 04:47 - 00016384 _____ (Microsoft Corporation) 
C:\Windows\system32\ntvdm64.dll 2016-03-09 15:42 - 2016-02-12 04:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-03-09 15:42 - 2016-02-12 04:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-03-09 15:42 - 2016-02-12 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 
00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-03-09 15:42 - 2016-02-12 04:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-03-09 15:42 - 2016-02-12 04:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-03-09 15:42 - 2016-02-12 04:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-03-09 15:42 - 2016-02-12 04:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-03-09 15:42 - 2016-02-12 04:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-03-09 15:42 - 2016-02-12 04:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-03-09 15:42 - 2016-02-12 04:30 - 00003072 ____H (Microsoft 
- 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-03-08 12:57 - 2011-02-03 21:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-03-08 12:56 - 2013-09-08 12:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-03-08 12:56 - 2013-09-08 12:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2016-03-08 12:56 - 2012-12-07 23:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll 2016-03-08 12:56 - 2012-12-07 23:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll 2016-03-08 12:56 - 2012-12-07 22:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll 2016-03-08 12:56 - 2012-12-07 22:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll 2016-03-08 12:56 - 2012-12-07 21:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs 2016-03-08 12:56 - 2012-12-07 21:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs 2016-03-08 12:56 - 2012-12-07 21:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs 2016-03-08 12:56 - 2012-12-07 21:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs 2016-03-08 12:56 - 2012-12-07 21:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs 2016-03-08 12:56 - 2012-12-07 21:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs 2016-03-08 12:56 - 2012-12-07 21:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs 2016-03-08 12:56 - 2012-12-07 21:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs 2016-03-08 12:56 - 2012-12-07 21:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs 2016-03-08 12:56 - 2012-12-07 21:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs 2016-03-08 12:56 - 2012-12-07 21:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs 2016-03-08 12:56 - 2012-12-07 21:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs 2016-03-08 12:56 - 2012-12-07 21:19 - 
00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs 2016-03-08 12:56 - 2012-12-07 21:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs 2016-03-08 12:56 - 2012-12-07 20:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs 2016-03-08 12:55 - 2015-12-09 07:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2016-03-08 12:55 - 2015-12-09 05:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2016-03-08 12:55 - 2011-08-17 15:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll 2016-03-08 12:55 - 2011-08-17 15:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax 2016-03-08 12:55 - 2011-08-17 14:24 - 00465408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\psisdecd.dll 2016-03-08 12:55 - 2011-08-17 14:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax 2016-03-08 12:53 - 2015-06-25 20:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2016-03-08 12:53 - 2015-06-25 20:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-03-08 12:51 - 2015-02-18 17:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2016-03-08 12:51 - 2015-02-18 17:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2016-03-08 12:50 - 2014-11-11 13:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2016-03-08 12:50 - 2014-11-11 12:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2016-03-08 12:42 - 2015-12-09 07:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2016-03-08 12:42 - 2015-12-09 07:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL 2016-03-08 12:42 - 2015-12-09 07:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL 2016-03-08 12:42 - 2015-12-09 07:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL 2016-03-08 12:42 - 2015-12-09 07:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll 2016-03-08 12:42 - 2015-12-09 07:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-03-08 12:42 - 2015-12-09 07:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL 2016-03-08 12:42 - 2015-12-09 07:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2016-03-08 12:42 - 2015-12-09 07:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2016-03-08 12:42 - 2015-12-09 07:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll 2016-03-08 12:42 - 2015-12-09 07:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL 
2016-03-08 12:42 - 2015-12-09 07:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2016-03-08 12:42 - 2015-12-09 07:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2016-03-08 12:42 - 2015-12-09 07:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2016-03-08 12:42 - 2015-12-09 07:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL 2016-03-08 12:42 - 2015-12-09 05:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 
00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2016-03-08 12:42 - 2015-12-09 05:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL 2016-03-08 12:41 - 2015-12-09 07:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-03-08 12:41 - 2015-12-09 07:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL 2016-03-08 12:41 - 2015-12-09 07:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL 2016-03-08 12:41 - 2015-12-09 07:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL 2016-03-08 12:41 - 2015-12-09 07:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-03-08 12:41 - 2015-12-09 07:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL 2016-03-08 12:41 - 2015-12-09 07:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL 2016-03-08 12:41 - 2015-12-09 07:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL 2016-03-08 12:41 - 2015-12-09 07:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-03-08 12:41 - 2015-12-09 07:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll 2016-03-08 12:41 - 2015-12-09 07:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax 2016-03-08 12:41 - 2015-12-09 07:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2016-03-08 12:41 - 2015-12-09 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL 2016-03-08 12:41 - 2015-12-09 07:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll 2016-03-08 12:41 - 2015-12-09 07:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll 2016-03-08 12:41 - 2015-12-09 07:53 - 00050176 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2016-03-08 12:41 - 2015-12-09 07:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2016-03-08 12:41 - 2015-12-09 07:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll 2016-03-08 12:41 - 2015-12-09 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2016-03-08 12:41 - 2015-12-09 05:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll 2016-03-08 12:41 - 2015-12-09 05:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll 2016-03-08 12:41 - 2015-12-09 05:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2016-03-08 12:41 - 2015-12-09 05:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL 2016-03-08 12:41 - 2015-12-09 05:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll 2016-03-08 12:41 - 2015-12-09 05:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll 2016-03-08 12:41 - 2015-12-09 05:07 - 00055808 _____ (Microsoft Corporation) 
C:\Windows\system32\rrinstaller.exe 2016-03-08 12:41 - 2015-12-09 05:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll 2016-03-08 12:41 - 2015-12-09 05:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax 2016-03-08 12:41 - 2015-12-09 05:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2016-03-08 12:41 - 2015-12-09 05:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2016-03-08 12:41 - 2015-12-09 04:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2016-03-08 12:41 - 2015-12-09 04:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2016-03-08 12:41 - 2015-12-09 04:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys 2016-03-08 12:41 - 2015-04-11 13:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2016-03-08 12:41 - 2015-02-25 13:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2016-03-08 12:40 - 2013-07-26 12:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2016-03-08 12:40 - 2013-07-26 11:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2016-03-08 12:39 - 2014-02-04 12:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2016-03-08 12:39 - 2014-02-04 12:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2016-03-08 12:39 - 2014-02-04 12:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2016-03-08 12:39 - 2014-02-04 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2016-03-08 12:39 - 2014-02-04 12:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2016-03-08 12:39 - 2012-09-26 08:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2016-03-08 12:39 - 2012-09-26 08:46 - 00095744 _____ 
(Microsoft Corporation) C:\Windows\system32\synceng.dll 2016-03-08 12:38 - 2011-02-06 03:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll 2016-03-08 12:38 - 2011-02-06 03:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll 2016-03-08 12:38 - 2011-02-06 03:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll 2016-03-08 12:29 - 2015-08-28 04:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2016-03-08 12:29 - 2015-08-28 04:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2016-03-08 12:29 - 2015-08-28 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2016-03-08 12:29 - 2015-08-28 04:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2016-03-08 12:29 - 2015-08-28 03:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2016-03-08 12:29 - 2015-08-28 03:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2016-03-08 12:29 - 2015-08-28 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2016-03-08 12:29 - 2015-08-28 03:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2016-03-08 12:27 - 2016-01-17 05:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-03-08 12:27 - 2016-01-17 04:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-03-08 12:22 - 2015-01-17 12:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-03-08 12:22 - 2015-01-17 12:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-03-08 12:22 - 2014-10-30 12:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2016-03-08 12:22 - 2014-10-30 11:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2016-03-08 12:22 - 2014-09-04 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 
2016-03-08 12:22 - 2014-09-04 15:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2016-03-08 12:22 - 2013-04-26 15:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-03-08 12:22 - 2013-04-26 14:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2016-03-08 12:20 - 2016-01-22 16:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2016-03-08 12:20 - 2016-01-22 16:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2016-03-08 12:20 - 2016-01-22 16:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-03-08 12:20 - 2016-01-22 16:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2016-03-08 12:20 - 2016-01-22 16:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2016-03-08 12:20 - 2016-01-22 16:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-03-08 12:20 - 2016-01-22 16:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-03-08 12:20 - 2015-09-23 23:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-03-08 12:20 - 2015-09-23 23:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-03-08 12:20 - 2015-09-23 23:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-03-08 12:19 - 2014-10-03 12:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2016-03-08 12:19 - 2014-10-03 12:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2016-03-08 12:19 - 2014-10-03 12:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2016-03-08 12:19 - 2014-10-03 12:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2016-03-08 12:19 - 2014-10-03 12:11 - 00266240 _____ (Microsoft Corporation) 
C:\Windows\system32\WSManHTTPConfig.exe 2016-03-08 12:19 - 2014-10-03 11:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2016-03-08 12:19 - 2014-10-03 11:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2016-03-08 12:19 - 2014-10-03 11:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2016-03-08 12:19 - 2014-10-03 11:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2016-03-08 12:19 - 2014-10-03 11:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2016-03-08 12:18 - 2016-01-22 16:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-03-08 12:18 - 2016-01-22 16:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2016-03-08 12:18 - 2016-01-22 16:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-03-08 12:18 - 2016-01-22 16:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-03-08 12:18 - 2016-01-22 16:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2016-03-08 12:18 - 2016-01-22 15:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-03-08 12:18 - 2016-01-22 15:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-03-08 12:18 - 2016-01-22 15:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-03-08 12:18 - 2015-10-13 14:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2016-03-08 12:18 - 2013-05-10 15:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2016-03-08 12:18 - 2013-05-10 13:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2016-03-08 12:18 - 2012-11-23 13:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe 2016-03-08 12:18 - 2011-05-24 21:42 - 00404480 _____ (Microsoft 
Corporation) C:\Windows\system32\umpnpmgr.dll 2016-03-08 12:18 - 2011-05-24 20:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll 2016-03-08 12:18 - 2011-05-24 20:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll 2016-03-08 12:18 - 2011-05-24 20:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll 2016-03-08 12:18 - 2011-05-24 20:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe 2016-03-08 12:17 - 2015-12-09 07:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-03-08 12:17 - 2015-12-09 05:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-03-08 12:17 - 2014-10-25 11:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2016-03-08 12:17 - 2014-10-25 11:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2016-03-08 12:17 - 2014-07-17 12:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2016-03-08 12:17 - 2014-07-17 12:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2016-03-08 12:17 - 2014-07-17 12:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2016-03-08 12:17 - 2014-07-17 12:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2016-03-08 12:17 - 2014-07-17 11:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2016-03-08 12:17 - 2014-07-17 11:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2016-03-08 12:17 - 2014-07-17 11:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2016-03-08 12:17 - 2014-07-17 11:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2016-03-08 12:17 - 2012-07-05 08:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll 2016-03-08 12:17 - 2012-07-05 08:13 - 00136704 _____ (Microsoft Corporation) 
C:\Windows\system32\browser.dll 2016-03-08 12:17 - 2012-07-05 08:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll 2016-03-08 12:17 - 2012-07-05 07:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2016-03-08 12:17 - 2012-07-05 07:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2016-03-08 12:17 - 2012-04-26 15:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll 2016-03-08 12:17 - 2012-04-26 15:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe 2016-03-08 12:16 - 2015-11-04 05:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2016-03-08 12:16 - 2015-11-04 04:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2016-03-08 12:16 - 2015-03-04 14:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2016-03-08 12:16 - 2015-03-04 14:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2016-03-08 12:16 - 2015-03-04 14:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2016-03-08 12:16 - 2014-12-08 13:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2016-03-08 12:16 - 2014-12-08 12:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2016-03-08 12:16 - 2013-10-12 12:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2016-03-08 12:16 - 2013-10-12 12:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2016-03-08 12:16 - 2013-10-12 12:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2016-03-08 12:16 - 2013-10-12 12:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2016-03-08 12:16 - 2013-10-12 11:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2016-03-08 12:16 - 2013-10-12 11:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2016-03-08 12:16 - 
2013-10-12 11:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2016-03-08 12:16 - 2013-10-12 11:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2016-03-08 12:16 - 2013-05-13 15:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2016-03-08 12:16 - 2013-05-13 13:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2016-03-08 12:16 - 2013-05-13 13:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2016-03-08 12:16 - 2013-05-13 13:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2016-03-08 12:16 - 2013-01-24 16:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2016-03-08 12:16 - 2012-05-14 15:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-03-08 12:16 - 2011-12-16 18:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll 2016-03-08 12:16 - 2011-12-16 17:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll 2016-03-08 12:16 - 2011-08-27 15:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll 2016-03-08 12:16 - 2011-08-27 14:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll 2016-03-08 12:16 - 2011-05-03 15:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-03-08 12:16 - 2011-05-03 14:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-03-08 12:16 - 2011-02-23 14:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2016-03-08 12:16 - 2011-02-18 20:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe 2016-03-08 12:16 - 2011-02-18 15:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe 2016-03-08 12:16 - 2011-02-12 21:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe 2016-03-08 12:15 - 2012-06-06 16:02 - 
01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2016-03-08 12:15 - 2012-06-06 15:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2016-03-08 10:58 - 2016-03-08 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-08 10:58 - 2016-03-08 10:58 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-03-08 10:55 - 2016-03-08 11:01 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\Mozilla
2016-03-08 10:55 - 2016-03-08 10:57 - 30510920 _____ C:\Users\Guy Fawkes\Downloads\vlc-2.2.2-win32.exe
2016-03-08 10:55 - 2016-03-08 10:55 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-08 10:55 - 2016-03-08 10:55 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Roaming\Mozilla
2016-03-08 10:54 - 2016-03-27 02:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-08 10:50 - 2016-03-08 10:50 - 00242080 _____ C:\Users\Guy Fawkes\Downloads\Firefox Setup Stub 44.0.2.exe
2016-03-08 10:43 - 2013-08-28 11:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-03-08 10:25 - 2016-03-08 10:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
2016-03-08 10:20 - 2016-03-08 10:20 - 00000000 ____D C:\Program Files\Dell
2016-03-08 10:20 - 2011-01-18 13:20 - 08151552 _____ (Dell Inc.) C:\Windows\system32\BCMWLCPL.CPL
2016-03-08 10:20 - 2011-01-18 13:20 - 04961800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcredist_x64.exe
2016-03-08 10:20 - 2011-01-18 13:20 - 04763648 _____ (Dell Inc.) C:\Windows\system32\bcmttls.dll
2016-03-08 10:20 - 2011-01-18 13:20 - 03161088 _____ (Microsoft Corporation) C:\Windows\system32\vcredist_x64.exe
2016-03-08 10:20 - 2011-01-18 13:20 - 01124352 _____ (Dell Inc.) C:\Windows\system32\BCMLogon.dll
2016-03-08 10:20 - 2011-01-18 13:20 - 00073728 _____ (Broadcom Corporation) C:\Windows\system32\wltrynt.dll
2016-03-08 10:20 - 2011-01-18 13:20 - 00022592 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys
2016-03-08 10:20 - 2011-01-18 13:20 - 00000459 _____ C:\Windows\SysWOW64\vcredist_x64.bat
2016-03-08 10:20 - 2011-01-18 13:20 - 00000457 _____ C:\Windows\system32\vcredist_x64.bat
2016-03-08 10:20 - 2011-01-18 13:19 - 04719680 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS
2016-03-08 10:20 - 2011-01-18 13:19 - 03900416 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2016-03-08 10:20 - 2011-01-18 13:19 - 03566080 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2016-03-08 10:20 - 2011-01-18 13:19 - 00095544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2016-03-08 10:20 - 2011-01-18 13:19 - 00006656 _____ C:\Windows\system32\bcmwlrc.dll
2016-03-08 10:19 - 2012-02-17 16:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-03-08 10:19 - 2012-02-17 15:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-03-08 10:19 - 2012-02-17 14:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2016-03-08 10:15 - 2016-03-08 10:16 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\Dell
2016-03-08 09:43 - 2016-03-31 09:47 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\ElevatedDiagnostics
2016-03-08 09:32 - 2016-03-08 09:32 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Roaming\QuickScan
2016-03-08 09:27 - 2016-03-08 09:28 - 00000000 ____D C:\ProgramData\Avg
2016-03-08 09:24 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\Avg
2016-03-08 08:16 - 2016-03-08 08:16 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2016-03-08 08:15 - 2016-03-08 16:56 - 00000000 ____D C:\Program Files (x86)\Intel
2016-03-08 08:15 - 2016-03-08 10:27 - 00000000 ____D C:\Program Files\Intel
2016-03-08 08:15 - 2016-03-08 08:15 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Roaming\Intel
2016-03-08 08:15 - 2016-03-08 08:15 - 00000000 ____D C:\ProgramData\Intel
2016-03-08 08:15 - 2016-03-08 08:15 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-03-08 08:15 - 2016-03-08 08:15 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-03-08 08:14 - 2016-03-08 09:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-08 08:01 - 2016-03-10 20:10 - 00058016 _____ C:\Users\Guy Fawkes\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-07 21:36 - 2016-03-07 21:36 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\WindowsUpdate
2016-03-07 21:21 - 2016-03-07 21:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-07 21:21 - 2016-03-07 21:21 - 00000000 ____D C:\Program Files (x86)\Dell
2016-03-07 21:20 - 2016-01-16 12:34 - 00404040 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2016-03-07 21:20 - 2016-01-16 12:34 - 00001904 _____ C:\Windows\system32\SetupBD.din
2016-03-07 21:15 - 2016-03-28 14:45 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\VirtualStore
2016-03-07 21:14 - 2016-03-17 17:16 - 00000000 ____D C:\Users\Guy Fawkes
2016-03-07 21:14 - 2016-03-07 21:14 - 00000020 ___SH C:\Users\Guy Fawkes\ntuser.ini
2016-03-07 21:14 - 2016-03-07 21:14 - 00000000 _SHDL C:\Users\Guy Fawkes\My Documents
2016-03-07 21:14 - 2016-03-07 21:14 - 00000000 _SHDL C:\Users\Guy Fawkes\Documents\My Videos
2016-03-07 21:14 - 2016-03-07 21:14 - 00000000 _SHDL C:\Users\Guy Fawkes\Documents\My Pictures
2016-03-07 21:14 - 2016-03-07 21:14 - 00000000 _SHDL C:\Users\Guy Fawkes\Documents\My Music
2016-03-07 21:14 - 2011-04-12 18:28 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Roaming\Media Center Programs
2016-03-06 14:45 - 2016-03-06 14:45 - 00000256 _____ C:\WirelessDiagLog.csv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-04 09:44 - 2009-07-14 15:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-04 09:44 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2016-04-04 09:34 - 2009-07-14 14:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-04 09:34 - 2009-07-14 14:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-04 09:26 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-04 02:00 - 2009-07-14 13:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-04 00:19 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-12 18:11 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2016-03-12 03:27 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\AppCompat
2016-03-12 03:17 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-03-10 04:50 - 2009-07-14 14:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 04:47 - 2011-04-12 18:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-10 04:47 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-09 09:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-09 09:31 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\Dism
2016-03-09 09:30 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-03-09 09:30 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-03-09 09:30 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\tracing
2016-03-09 09:30 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-03-08 14:56 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-08 14:56 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-03-08 14:51 - 2016-02-09 10:19 - 00008192 __RSH C:\BOOTSECT.BAK
2016-03-08 14:51 - 2009-07-14 15:32 - 00028672
_____ C:\Windows\system32\config\BCD-Template 2016-03-08 10:20 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\lv-LV 2016-03-08 10:20 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\lt-LT 2016-03-08 10:20 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\et-EE 2016-03-08 10:20 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\Help 2016-03-08 09:30 - 2009-07-14 13:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-03-08 09:30 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2016-03-07 21:20 - 2016-02-09 20:10 - 00000000 ____D C:\drvrtmp ==================== Files in the root of some directories ======= 2016-04-03 22:55 - 2016-04-03 22:55 - 0000106 _____ () C:\Users\Guy Fawkes\AppData\Local\Application Data.7z 2016-03-28 15:13 - 2016-03-28 15:13 - 0000706 _____ () C:\Users\Guy Fawkes\AppData\Local\recently-used.xbel 2016-03-16 16:59 - 2016-04-04 02:49 - 0007677 _____ () C:\Users\Guy Fawkes\AppData\Local\resmon.resmoncfg Some files in TEMP: ==================== C:\Users\Guy Fawkes\AppData\Local\Temp\libeay32.dll C:\Users\Guy Fawkes\AppData\Local\Temp\msvcr120.dll C:\Users\Guy Fawkes\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-29 13:03 ==================== End of FRST.txt ============================

#2 IWantMyInternetBack


Posted 03 April 2016 - 07:09 PM

I don't know why this is happening to my posts!!!

I'm just going to attach the logs


Edited by IWantMyInternetBack, 03 April 2016 - 07:17 PM.


#3 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:22 PM

Posted 03 April 2016 - 07:20 PM

Hello IWantMyInternetBack, and welcome to BleepingComputer.

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks

 

 

Can you please also post the Additional.txt log file?


Edited by olgun52, 03 April 2016 - 07:42 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 IWantMyInternetBack


Posted 03 April 2016 - 07:23 PM

When I preview the post it's neat and not a mess? wtf is going on

Let me know what you want me to do. I can't seem to copy the log and add it to my post without it cramming.

I attached both logs to my second post, on my screen anyway!

Edited by IWantMyInternetBack, 03 April 2016 - 07:29 PM.


#5 olgun52


Posted 03 April 2016 - 07:44 PM

It is okay now.



#6 olgun52


Posted 03 April 2016 - 08:19 PM

Hi there,

 

The system isn't very bad. What sort of problems are you experiencing?

Which antivirus do you use?
============================

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
==================================================================
Please run Farbar Service Scanner.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#7 IWantMyInternetBack


Posted 03 April 2016 - 08:38 PM

Ok well its rough over here! MiniToolBox by Farbar Version: 07-02-2016 01 Ran by Guy Fawkes (administrator) on 04-04-2016 at 11:33:55 Running from "C:\Users\Guy Fawkes\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Model: Latitude E6510 Manufacturer: Dell Inc. Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "network.proxy.type", 0 "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected) Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : GuyFawkes-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card Physical Address. . . . . . . . . : C4-46-19-25-39-88 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::38db:c383:f4f2:66ee%15(Preferred) IPv4 Address. . . . . . . . . . . 
: 192.168.1.19(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Monday, April 04, 2016 9:43:13 AM Lease Expires . . . . . . . . . . : Tuesday, April 05, 2016 9:43:18 AM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 365184537 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-6F-1C-58-00-26-B9-BE-E3-63 DNS Servers . . . . . . . . . . . : 2002:73bb:cf53:0:eafc:afff:fef5:f5e 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection Physical Address. . . . . . . . . : 00-26-B9-BE-E3-63 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{4E7E30DC-DAAC-4983-8050-1AE83C2FE11F}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{E684CE24-9CC6-471C-B698-30F474C9EBF0}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . 
: Yes Server: UnKnown Address: 2002:73bb:cf53:0:eafc:afff:fef5:f5e Pinging google.com [216.58.220.110] with 32 bytes of data: Reply from 216.58.220.110: bytes=32 time=58ms TTL=58 Reply from 216.58.220.110: bytes=32 time=38ms TTL=58 Ping statistics for 216.58.220.110: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 38ms, Maximum = 58ms, Average = 48ms Server: UnKnown Address: 2002:73bb:cf53:0:eafc:afff:fef5:f5e Pinging yahoo.com [98.138.253.109] with 32 bytes of data: Reply from 98.138.253.109: bytes=32 time=248ms TTL=49 Reply from 98.138.253.109: bytes=32 time=260ms TTL=49 Ping statistics for 98.138.253.109: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 248ms, Maximum = 260ms, Average = 254ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 15...c4 46 19 25 39 88 ......DW1520 Wireless-N WLAN Half-Mini Card 13...00 26 b9 be e3 63 ......Intel® 82577LM Gigabit Network Connection 1...........................Software Loopback Interface 1 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.19 30 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 
192.168.1.19 286 192.168.1.19 255.255.255.255 On-link 192.168.1.19 286 192.168.1.255 255.255.255.255 On-link 192.168.1.19 286 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.19 286 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.19 286 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 15 286 fe80::/64 On-link 15 286 fe80::38db:c383:f4f2:66ee/128 On-link 1 306 ff00::/8 On-link 15 286 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 08 
C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (04/04/2016 09:27:14 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for 
"Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/04/2016 09:27:13 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/04/2016 02:34:45 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (04/04/2016 02:27:16 AM) (Source: Desktop Window Manager) (User: ) Description: The Desktop Window Manager has encountered a fatal error (0x8007000e) Error: (04/04/2016 02:22:18 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (04/04/2016 02:22:16 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. 
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (04/04/2016 02:20:59 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/04/2016 02:19:37 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/04/2016 02:19:35 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (04/04/2016 02:18:42 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. 
System errors: ============= Error: (04/04/2016 09:26:44 AM) (Source: volmgr) (User: ) Description: Crash dump initialization failed! Error: (04/04/2016 09:26:44 AM) (Source: volmgr) (User: ) Description: Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error: (04/04/2016 02:24:14 AM) (Source: Service Control Manager) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (04/04/2016 02:24:14 AM) (Source: Application Popup) (User: ) Description: \??\C:\Users\GUYFAW~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (04/04/2016 02:24:13 AM) (Source: Service Control Manager) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (04/04/2016 02:24:13 AM) (Source: Application Popup) (User: ) Description: \??\C:\Users\GUYFAW~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (04/04/2016 02:24:13 AM) (Source: Service Control Manager) (User: ) Description: The eapihdrv service failed to start due to the following error: %%1275 Error: (04/04/2016 02:24:13 AM) (Source: Application Popup) (User: ) Description: \??\C:\Users\GUYFAW~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error: (04/04/2016 02:24:12 AM) (Source: Service Control Manager) (User: )
Description: The eapihdrv service failed to start due to the following error: %%1275

Error: (04/04/2016 02:24:12 AM) (Source: Application Popup) (User: )
Description: \??\C:\Users\GUYFAW~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:
=========================
Error: (04/04/2016 09:27:14 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

Error: (04/04/2016 09:27:13 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Windows\System32\BCMLogon.dll

Error: (04/04/2016 02:34:45 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (04/04/2016 02:27:16 AM) (Source: Desktop Window Manager)(User: )
Description: 0x8007000e

Error: (04/04/2016 02:22:18 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Guy Fawkes\Desktop\esetsmartinstaller_enu.exe

Error: (04/04/2016 02:22:16 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Guy Fawkes\Desktop\esetsmartinstaller_enu.exe

Error: (04/04/2016 02:20:59 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Windows\system32\BCMWLCPL.CPL

Error: (04/04/2016 02:19:37 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Windows\system32\BCMWLCPL.CPL

Error: (04/04/2016 02:19:35 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Windows\system32\BCMWLCPL.CPL

Error: (04/04/2016 02:18:42 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

=========================== Installed Programs ============================

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.26.6 - Dell)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.4.311 - Foxit Software Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Intel® Network Connections 20.7.67.0 (HKLM\...\PROSetDX) (Version: 20.7.67.0 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7a06df8f-4c5a-4207-aa9e-019406e3a46d}) (Version: 17.1.0 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, https://www.wireshark.org)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1973.84 MB
Available physical RAM: 1112.87 MB
Total Virtual: 1973.84 MB
Available Virtual: 947.17 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:114.65 GB) NTFS

========================= Users: ========================================

User accounts for \\GUYFAWKES-PC

Administrator Guest Guy Fawkes

**** End of log ****

Farbar Service Scanner Version: 27-01-2016
Ran by Guy Fawkes (administrator) on 04-04-2016 at 11:37:18
Running from "C:\Users\Guy Fawkes\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 04 April 2016 - 01:27 PM

Hi again

 

I don't see fss.txt.

=========================

FRST Fixlist script run:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
CreateRestorePoint:
CloseProcesses:
Task: {21669654-85F1-4515-A5EF-AEDB40478400} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {261D2CDB-17D9-419A-B19B-D03B7C93F1C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {33A68FB2-2DFA-46A6-8DF4-AF7E4150843B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {565E0CCE-658C-44FE-B864-8FA3B67247B9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5DAFBFE9-66C2-4F6A-832C-275EE4351AA4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {702BA321-0316-4D66-BAFF-F85D893F3918} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8137AB59-135B-4029-A920-98355877BFBF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {89CE60C1-82DF-44B4-BB8C-15C3D1918775} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {98DC745C-804B-4A34-866E-80266D87AFCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A1CD6737-C1AD-4BED-86E3-E7266A4BCCD6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AF2ACFC8-E354-433F-800B-12C314729550} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C3014283-63B7-4460-BC71-071E210498C2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F42E6FCC-173A-40C6-AE9B-5284DDEEFB8A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
FF HKU\S-1-5-21-3256969152-94519139-2226236424-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Guy Fawkes\AppData\Local\XDM\xdmff => not found
C:\Users\Guy Fawkes\AppData\Local\Temp\libeay32.dll 
C:\Users\Guy Fawkes\AppData\Local\Temp\msvcr120.dll 
C:\Users\Guy Fawkes\AppData\Local\Temp\sqlite3.dll
C:\Users\Guy Fawkes\AppData\Roaming\Wireshark
C:\Users\Guy Fawkes\AppData\Roaming\VC
C:\Users\Guy Fawkes\AppData\Roaming\Subhra Das Gupta
C:\Users\Guy Fawkes\AppData\Roaming\vlc
C:\Users\Guy Fawkes\AppData\Roaming\qBittorrent
C:\Users\Guy Fawkes\AppData\Roaming\deluge
2016-03-08 09:32 - 2016-03-08 09:32 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Roaming\QuickScan
2016-03-08 09:27 - 2016-03-08 09:28 - 00000000 ____D C:\ProgramData\Avg
2016-03-08 09:24 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\Avg
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
end
Reboot:

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.
=============================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click Scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

============================================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 IWantMyInternetBack

IWantMyInternetBack
  • Topic Starter

  • Members
  • 24 posts

Posted 06 April 2016 - 06:54 PM

Farbar Service Scanner Version: 27-01-2016
Ran by Guy Fawkes (administrator) on 04-04-2016 at 11:37:18
Running from "C:\Users\Guy Fawkes\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Guy Fawkes (2016-04-07 09:07:08) Run:1
Running from C:\Users\Guy Fawkes\Desktop
Loaded Profiles: Guy Fawkes (Available Profiles: Guy Fawkes)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {21669654-85F1-4515-A5EF-AEDB40478400} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {261D2CDB-17D9-419A-B19B-D03B7C93F1C2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {33A68FB2-2DFA-46A6-8DF4-AF7E4150843B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {565E0CCE-658C-44FE-B864-8FA3B67247B9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5DAFBFE9-66C2-4F6A-832C-275EE4351AA4} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {702BA321-0316-4D66-BAFF-F85D893F3918} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8137AB59-135B-4029-A920-98355877BFBF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {89CE60C1-82DF-44B4-BB8C-15C3D1918775} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {98DC745C-804B-4A34-866E-80266D87AFCC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A1CD6737-C1AD-4BED-86E3-E7266A4BCCD6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AF2ACFC8-E354-433F-800B-12C314729550} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C3014283-63B7-4460-BC71-071E210498C2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F42E6FCC-173A-40C6-AE9B-5284DDEEFB8A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
FF HKU\S-1-5-21-3256969152-94519139-2226236424-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\Guy Fawkes\AppData\Local\XDM\xdmff => not found
C:\Users\Guy Fawkes\AppData\Local\Temp\libeay32.dll
C:\Users\Guy Fawkes\AppData\Local\Temp\msvcr120.dll
C:\Users\Guy Fawkes\AppData\Local\Temp\sqlite3.dll
C:\Users\Guy Fawkes\AppData\Roaming\Wireshark
C:\Users\Guy Fawkes\AppData\Roaming\VC
C:\Users\Guy Fawkes\AppData\Roaming\Subhra Das Gupta
C:\Users\Guy Fawkes\AppData\Roaming\vlc
C:\Users\Guy Fawkes\AppData\Roaming\qBittorrent
C:\Users\Guy Fawkes\AppData\Roaming\deluge
2016-03-08 09:32 - 2016-03-08 09:32 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Roaming\QuickScan
2016-03-08 09:27 - 2016-03-08 09:28 - 00000000 ____D C:\ProgramData\Avg
2016-03-08 09:24 - 2016-03-08 09:24 - 00000000 ____D C:\Users\Guy Fawkes\AppData\Local\Avg
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
end
Reboot:
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21669654-85F1-4515-A5EF-AEDB40478400}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21669654-85F1-4515-A5EF-AEDB40478400}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{261D2CDB-17D9-419A-B19B-D03B7C93F1C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{261D2CDB-17D9-419A-B19B-D03B7C93F1C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33A68FB2-2DFA-46A6-8DF4-AF7E4150843B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33A68FB2-2DFA-46A6-8DF4-AF7E4150843B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{565E0CCE-658C-44FE-B864-8FA3B67247B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{565E0CCE-658C-44FE-B864-8FA3B67247B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DAFBFE9-66C2-4F6A-832C-275EE4351AA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DAFBFE9-66C2-4F6A-832C-275EE4351AA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{702BA321-0316-4D66-BAFF-F85D893F3918}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{702BA321-0316-4D66-BAFF-F85D893F3918}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8137AB59-135B-4029-A920-98355877BFBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8137AB59-135B-4029-A920-98355877BFBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{89CE60C1-82DF-44B4-BB8C-15C3D1918775}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89CE60C1-82DF-44B4-BB8C-15C3D1918775}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98DC745C-804B-4A34-866E-80266D87AFCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98DC745C-804B-4A34-866E-80266D87AFCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1CD6737-C1AD-4BED-86E3-E7266A4BCCD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1CD6737-C1AD-4BED-86E3-E7266A4BCCD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF2ACFC8-E354-433F-800B-12C314729550}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF2ACFC8-E354-433F-800B-12C314729550}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3014283-63B7-4460-BC71-071E210498C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3014283-63B7-4460-BC71-071E210498C2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F42E6FCC-173A-40C6-AE9B-5284DDEEFB8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F42E6FCC-173A-40C6-AE9B-5284DDEEFB8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BsScanner" => key removed successfully
HKU\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Mozilla\Firefox\Extensions\\xdmff@xdman.sourceforge.net => value removed successfully
C:\Users\Guy Fawkes\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Guy Fawkes\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Guy Fawkes\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\Guy Fawkes\AppData\Roaming\Wireshark => moved successfully
C:\Users\Guy Fawkes\AppData\Roaming\VC => moved successfully
C:\Users\Guy Fawkes\AppData\Roaming\Subhra Das Gupta => moved successfully
"C:\Users\Guy Fawkes\AppData\Roaming\vlc" => not found.
C:\Users\Guy Fawkes\AppData\Roaming\qBittorrent => moved successfully
C:\Users\Guy Fawkes\AppData\Roaming\deluge => moved successfully
C:\Users\Guy Fawkes\AppData\Roaming\QuickScan => moved successfully
C:\ProgramData\Avg => moved successfully
C:\Users\Guy Fawkes\AppData\Local\Avg => moved successfully

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

========= End of Reg: =========

========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= netsh int ipv6 reset =========

There's no user specified settings to be reset.

========= End of CMD: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3256969152-94519139-2226236424-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3256969152-94519139-2226236424-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

EmptyTemp: => 277.8 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 09:07:12 ====
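Added example (not part of the original thread and not FRST's own code): a small Python triage of a Fixlog like the one in the post above, which tallies the per-item results and surfaces the entries a reviewer should look at, here the failed restore point and the path reported as not found. The function name `triage_fixlog` is hypothetical, the sample lines are excerpted from the post, and one log entry per line (the layout of Fixlog.txt on disk) is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a few lines excerpted from the Fixlog in the post above,
# laid out one entry per line (assumed on-disk layout of Fixlog.txt).
SAMPLE_FIXLOG = r'''
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21669654-85F1-4515-A5EF-AEDB40478400}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner" => key removed successfully
HKU\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Mozilla\Firefox\Extensions\\xdmff@xdman.sourceforge.net => value removed successfully
C:\Users\Guy Fawkes\AppData\Local\Temp\libeay32.dll => moved successfully
"C:\Users\Guy Fawkes\AppData\Roaming\vlc" => not found.
C:\ProgramData\Avg => moved successfully
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
EmptyTemp: => 277.8 MB temporary data Removed.
The system needed a reboot.
'''

# "<target> => <result>" with an optional trailing period on the result.
ENTRY = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<result>.+?)\.?\s*$')


def triage_fixlog(text):
    """Summarise a Fixlog: result counts, items needing review, reboot state."""
    outcomes = Counter()
    attention = []          # (reason, detail) pairs for a human to check
    reboot_pending = False

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        # Network stack resets and EmptyTemp only take effect after a restart.
        if "restart the computer" in low or "needed a reboot" in low:
            reboot_pending = True
        # Tool-level failures, e.g. no restore point to roll back to.
        if line.startswith("Error:"):
            attention.append(("error", line))
            continue
        m = ENTRY.match(line)
        if not m:
            continue        # section banners and command output
        target = m.group("target").strip('"')
        result = m.group("result")
        if target.endswith(":"):
            # Directive summary such as "EmptyTemp:", not a file or key.
            outcomes["directive: " + target.rstrip(":")] += 1
            continue
        outcomes[result] += 1
        if not result.endswith("successfully"):
            # The item was listed in the fixlist but not actioned as written.
            attention.append((result, target))

    return {
        "outcomes": outcomes,
        "attention": attention,
        "reboot_pending": reboot_pending,
    }


if __name__ == "__main__":
    report = triage_fixlog(SAMPLE_FIXLOG)
    for result, count in report["outcomes"].most_common():
        print(f"{count:3d}  {result}")
    for reason, detail in report["attention"]:
        print(f"REVIEW [{reason}] {detail}")
    print("Reboot pending:", report["reboot_pending"])
```
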

#10 IWantMyInternetBack

IWantMyInternetBack
  • Topic Starter

  • Members
  • 24 posts

Posted 06 April 2016 - 06:58 PM

My apologies, but I am getting redirected like mad when I try to get on this site. To answer your earlier question, I had BullGuard AV but had to delete it because it would not let me control it (options greyed out). Zemana keeps shutting down during the update!

#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 06 April 2016 - 07:33 PM

Hi again,
I understand. I have deleted some BullGuard files because they looked like residual files.

 

Please do the following,

Boot to Safemode with Networking

To Enter Safemode

  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
    this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
  • Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode
 
next....

  • Please download rkill (Courtesy of Bleepingcomputer.com).
  • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
  • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
  • Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe

2. rkill.com

3. rkill.scr

4. WiNlOgOn.exe

5. uSeRiNiT.exe

 
next....
 
Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
  • If Malware or Potentially Unwanted Programs ''PUPs'' are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

next....

You can also run the Zemana software.

next....

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Regards


Edited by olgun52, 06 April 2016 - 07:34 PM.


 


 


#12 IWantMyInternetBack

IWantMyInternetBack
  • Topic Starter

  • Members
  • 24 posts

Posted 06 April 2016 - 10:06 PM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/07/2016 10:58:21 AM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * WMPNetworkSvc [Missing Service]
 * WSearch [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/07/2016 10:58:26 AM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

Zemana does not work in safe mode....

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/7/2016
Scan Time: 11:05 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.06.06
Rootkit Database: v2016.04.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Guy Fawkes

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 428455
Time Elapsed: 58 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
RiskWare.HeuristicsReservedWordExploit, C:\Users\Guy Fawkes\Desktop\uSeRiNiT.exe, , [f4aaf4b7edac73c356e9c56af80d748c],

Physical Sectors: 0
(No malicious items detected)

(end)

ESET found nothing. Thank you for helping me so far. I hope you still got some tricks up your sleeve! This thing is really hard to get rid of :(

#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:12:22 PM

Posted 07 April 2016 - 02:33 PM

Hi again,
 

Files: 1 RiskWare.HeuristicsReservedWordExploit, C:\Users\Guy Fawkes\Desktop\uSeRiNiT.exe, [f4aaf4b7edac73c356e9c56af80d748c]

Why is this file on the desktop?

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Users\Guy Fawkes\Desktop\uSeRiNiT.exe
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

 

Note: Or is this file maybe rkill? <_<

=============================================================================

Step 1:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

1. Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator to launch the application.

2. Open a folder with MBAR name on desktop.
3. Find the MBAR folder in the list.
4. Click once.
5. Now click the OK button.
6. Click the OK button again.
7. Then Next and click on the Update button
8. Now click on the scan button

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 2:

RogueKiller scan:

  • Please download and run RogueKiller 32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Edited by olgun52, 07 April 2016 - 02:36 PM.

Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#14 IWantMyInternetBack

IWantMyInternetBack
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:22 PM

Posted 08 April 2016 - 07:41 AM

Hey,

https://www.virustotal.com/en/file/6f084bfc9e26773a7d8f6c59b3650f7307a7b725fd2e9fddcba2199c28a349af/analysis/1460117652/

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.0.9600.18230

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.527000 GHz
Memory total: 2069716992, free: 1099407360

Downloaded database version: v2016.04.08.02
Downloaded database version: v2016.04.03.01
Downloaded database version: v2016.04.05.01
=======================================
Driver version: 0.3.0.4
------------ Kernel report ------------
04/08/2016 22:22:06
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
main: v2016.04.08.02
rootkit: v2016.04.03.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80033cd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80033cdab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80033cd060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80025f9050, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BD94EF10

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 488393072
Partition is bootable
Partition file system is NTFS

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\Guy Fawkes\Desktop\uSeRiNiT.exe --> [RiskWare.HeuristicsReservedWordExploit]
Scan finished
User declined to cleanup malware.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

RogueKiller V12.1.1.0 [Apr 4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Guy Fawkes [Administrator]
Started from : C:\Users\Guy Fawkes\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/08/2016 22:39:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{511FFF13-51C8-4862-9B9B-8BAB55E08B77} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{511FFF13-51C8-4862-9B9B-8BAB55E08B77} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][X]) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3256969152-94519139-2226236424-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEKT-75A25T0 +++++
--- User ---
[MBR] 625d53fecd7956d17ac097cd5ae8f70b
[BSP] 7acfac82e43dcde8ea85101c30ca7c78 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 238473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

#15 IWantMyInternetBack

IWantMyInternetBack
  • Topic Starter

  • Members
  • 24 posts
  • Local time:07:22 PM

Posted 08 April 2016 - 07:51 AM

Whoops I think I posted the wrong one

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.04.08.02
rootkit: v2016.04.03.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.18230
Guy Fawkes :: GUYFAWKES-PC [administrator]

4/8/2016 10:22:14 PM
mbar-log-2016-04-08 (22-22-14).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 285513
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Guy Fawkes\Desktop\uSeRiNiT.exe (RiskWare.HeuristicsReservedWordExploit) -> No action taken. [184ae0cc2a6fd264a6e039f842c3df21]

Physical Sectors Detected: 0
(No malicious items detected)

(end)



