
Possible Spyware/Adware (May have survived HDD format)


14 replies to this topic

#1 HYTTIOAOA

Posted 05 September 2016 - 08:56 AM

Hi, I have always been cautious about installing programs and so on, but with mods in games or installing rogue or adware infecting antimalware/antivirus programs I should be more careful. It started yesterday as I turned on AdwCleaner and it showed two instances of ask.com installed on Chrome. I was still using Google and so was my browser, so this was strange. I kept trying to delete it but it kept returning every reboot; this is when I booted to safe mode and tried deleting it. This time it worked. I then installed HijackThis to see a log of some possible problems and there were a few possible ones. However, I noticed three R0 entries with either blanks in place of URLs, or start pages being blank.html for Internet Explorer. So I did a system format, and when I used HijackThis (installed from this website so it's safe) it showed R0 entries that were still there, either with blank URLs or blank.htm

 

I will provide two logs. Two from FRST and one from Hijackthis. Thanks in advance.

 

Note: I am running a 64-bit system

Also, HijackThis was denied write permission to the hosts files

 

Edit: Well, I was wrong; there is probably (99.99%) no malware, as my logs are very common to others who are not infected. I don't need clarity, either I am fine.


Edited by HYTTIOAOA, 05 September 2016 - 11:54 AM.



#2 HYTTIOAOA

Posted 05 September 2016 - 02:44 PM

Title was: Just Want to Check if Everything is Fine ~ OB

Recently I used KillDisk in the fear that malware might be present (rootkit), but I just want to check if I did it correctly and if I don't need to worry about malware anymore. I will provide logs below. Any help would be greatly appreciated. I won't shut this one down like the last thread I made.

I also got a HitmanPro log; it shows a cookie to a website I have never been on.

Edited by Orange Blossom, 05 September 2016 - 11:08 PM.
Merged topics. ~ OB


#3 HelpBot

Posted 10 September 2016 - 09:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/625759 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HYTTIOAOA

Posted 10 September 2016 - 10:46 PM

Hi! Thanks for your help, and I still need assurance that my system is OK and without any malicious files.

 

Description of Problem: My system previously had adware on it and potentially spyware, I'm not sure. It all began when I did an AdwCleaner scan and ask.com came up in the Google Chrome section despite me ever having seen it, as I was still using Google. I tried to remove it but every reboot it came back, until I went into safe mode and it actually got removed. In many attempts to explain why this was here I just was finished with this and decided to use KillDisk with the 1-pass method, and it seemingly worked, as when I attempted to boot up again it displayed a message, but no Windows, so I reinstalled Windows and to be sure I did some scans. Malwarebytes found nothing, Kaspersky found nothing, McAfee found nothing, and the same was with the ESET online scanner, and also VIPRERescue. But HitmanPro found a cookie.

 

C:\Users\AJ\AppData\Local\Microsoft\Windows\INetCookies\DU1IK76E.txt

 

This was to a website I had never visited and there are seemingly no programs associated with this. I am worried that something survived me killing the hard drive.

 

I will provide logs of FRST, and Addition

 

I forgot to mention HijackThis noted three R0 entries when I used it, with no URL or a blank.html URL, but I never got redirected during use of IE. I just wanted to know if it's normal or actually malicious.


#5 packetanalyzer

Posted 11 September 2016 - 02:49 PM

Hi HYTTIOAOA,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

 

Thank you for your patience,

 

packetanalyzer



#6 packetanalyzer

Posted 12 September 2016 - 09:33 PM

Hello HYTTIOAOA, welcome to Bleeping Computer and thank you for posting your FRST log. You can call me packetanalyzer and I will be helping you with removing malware from your computer. Please take a moment to review the following.

Please read my instructions completely and follow them closely.

Please do not run any tools unless and until I ask you to do so.

Please only run the tools I ask you to run.

If you have any questions at any point, please stop and ask me before you try to complete the step.

Please refrain from using your computer for any purpose other than us working together to clean malware from it until I have notified you your computer is clean.

Please be patient as most of us at Bleeping Computer are volunteers and your logs take time to closely analyze. If you do not hear back from me in 48 hours, please feel free to send me a PM.

If I do not hear from you within 3 days after any post, this thread will be closed.
 
Now we are going to get started. Please do the following:

 

  1. Remove FRST and HijackThis. It appears you have a lot going on with this question and it will help if we can start fresh.
  2. Restart your computer in normal mode
  3. Use the directions below to download, run, and post a current FRST log

 

Create an FRST Log
 
We need to run a scan using FRST to collect some information from your computer. Once we have this information we can analyze it and determine what we need to do next.

  • Please go to http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/.
  • Download the appropriate version for the computer you are going to run FRST on. If you aren't sure which version you need, please download both versions and save the program to your desktop.
  • Right click FRST (the file will be named FRST.exe or FRST64.exe depending on which version you are using) and select Run as administrator. If you downloaded both versions of FRST, please try FRST.exe first and if it tells you it is the wrong version then please run FRST64.exe as administrator.
  • You will be asked if you accept the user agreement. If you do, please accept the agreement.
  • Click Scan.
  • When FRST completes the scan, two notepad windows will open. One will be named FRST.txt and another will be named Addition.txt. Please copy and paste these into your next reply.


#7 HYTTIOAOA

Posted 13 September 2016 - 06:30 PM

Hello packetanalyzer, thank you very much for the help :)

 

Here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by AJ (administrator) on BLUEBEHEMOTH (13-09-2016 19:25:43)
Running from C:\Users\AJ\Desktop
Loaded Profiles: AJ (Available Profiles: AJ)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Spotify Ltd) C:\Users\AJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\AJ\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spotify Ltd) C:\Users\AJ\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\AJ\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\AJ\AppData\Roaming\Spotify\Spotify.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767944 2016-08-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2016-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab)
HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\...\Run: [Spotify Web Helper] => C:\Users\AJ\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-12] (Spotify Ltd)
HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\...\Run: [Spotify] => C:\Users\AJ\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-12] (Spotify Ltd)
HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\...\RunOnce: [Uninstall C:\Users\AJ\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AJ\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\...\MountPoints2: {07f42fec-781c-11e6-be66-806e6f6e6963} - "D:\setup.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f0d974dc-51ca-4856-a171-f130bc970f79}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-11] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-11] (Oracle Corporation)
BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-11] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-11]
CHR Extension: (Google Docs) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-11]
CHR Extension: (Google Drive) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-09-11]
CHR Extension: (YouTube) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
CHR Extension: (Adblock Plus) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-11]
CHR Extension: (uBlock Origin) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-11]
CHR Extension: (Google Sheets) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-11]
CHR Extension: (Kaspersky Protection) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-09-11]
CHR Extension: (Kaspersky Password Manager) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2016-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-11]
CHR Extension: (Gmail) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-11]
CHR Extension: (Chrome Media Router) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-11]
CHR Profile: C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-11]
CHR Extension: (Google Docs) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-11]
CHR Extension: (Google Drive) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-11]
CHR Extension: (YouTube) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-11]
CHR Extension: (uBlock Origin) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-11]
CHR Extension: (Google Sheets) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-11]
CHR Extension: (Kaspersky Protection) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-09-11]
CHR Extension: (Kaspersky Password Manager) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2016-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-11]
CHR Extension: (Kindle Cloud Reader) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfcidnhfgllloclgemladhopcimnmokl [2016-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-11]
CHR Extension: (uMatrix) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2016-09-12]
CHR Extension: (Gmail) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-11]
CHR Extension: (Chrome Media Router) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-11]
CHR Extension: (Privacy Badger) - C:\Users\AJ\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-09-12]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-3895701127-2468208170-3203695500-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-25] (NVIDIA Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-25] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12471368 2016-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-09-11] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2016-09-11] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2016-09-11] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012056 2016-09-11] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [50008 2016-09-11] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
U0 klupd_klif_arkmon; C:\Windows\System32\Drivers\klupd_klif_arkmon.sys [223528 2016-09-11] (AO Kaspersky Lab)
U3 klupd_klif_klark; C:\Windows\System32\Drivers\klupd_klif_klark.sys [252560 2016-09-11] (AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\Windows\System32\Drivers\klupd_klif_klbg.sys [112336 2016-09-11] (AO Kaspersky Lab)
U3 klupd_klif_mark; C:\Windows\System32\Drivers\klupd_klif_mark.sys [167904 2016-09-11] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [127896 2016-09-11] (AO Kaspersky Lab)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d3851cb7c8216f9e\nvlddmkm.sys [14216760 2016-08-27] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56376 2016-08-25] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-13 19:25 - 2016-09-13 19:26 - 00019748 _____ C:\Users\AJ\Desktop\FRST.txt
2016-09-13 19:25 - 2016-09-13 19:25 - 02398720 _____ (Farbar) C:\Users\AJ\Desktop\FRST64.exe
2016-09-13 19:25 - 2016-09-13 19:25 - 00000000 ____D C:\FRST
2016-09-12 20:06 - 2016-09-12 20:06 - 00000000 ____D C:\Users\AJ\Documents\Virtual Machines
2016-09-12 17:15 - 2016-09-12 17:15 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Warner Bros. Interactive Entertainment
2016-09-11 21:37 - 2016-09-11 21:37 - 00000000 ____D C:\Users\AJ\Desktop\Media
2016-09-11 21:28 - 2016-09-13 19:04 - 00000000 ____D C:\Users\AJ\AppData\Local\Spotify
2016-09-11 21:28 - 2016-09-11 21:28 - 00001851 _____ C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-11 21:27 - 2016-09-13 19:24 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Spotify
2016-09-11 21:04 - 2016-09-12 17:15 - 00000000 ____D C:\Users\AJ\Desktop\Games
2016-09-11 21:03 - 2016-09-12 16:56 - 00000000 ____D C:\Users\AJ\Desktop\Launcher
2016-09-11 20:49 - 2016-09-11 20:49 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-09-11 20:46 - 2016-09-11 20:48 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-09-11 20:37 - 2016-09-11 20:37 - 00000000 ____D C:\WINDOWS\pss
2016-09-11 19:16 - 2016-09-11 20:59 - 00000000 ____D C:\Users\AJ\AppData\Local\CrashDumps
2016-09-11 19:08 - 2016-09-11 19:08 - 00000000 ____D C:\Users\AJ\AppData\Roaming\.mono
2016-09-11 19:08 - 2016-09-11 19:08 - 00000000 ____D C:\Users\AJ\AppData\Local\Colossal Order
2016-09-11 19:08 - 2016-09-11 19:08 - 00000000 ____D C:\ProgramData\.mono
2016-09-11 19:07 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-09-11 19:07 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-09-11 19:07 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-09-11 19:07 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-09-11 19:07 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-09-11 19:07 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-09-11 19:07 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-09-11 19:07 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-09-11 19:07 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-09-11 19:07 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-09-11 19:07 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-09-11 19:07 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-09-11 19:07 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-09-11 19:07 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-09-11 19:07 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-09-11 19:07 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-09-11 19:07 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-09-11 19:07 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-09-11 19:07 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-09-11 19:07 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2016-09-11 19:07 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2016-09-11 19:07 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-09-11 19:07 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-09-11 19:07 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2016-09-11 19:07 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-09-11 19:07 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2016-09-11 19:07 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-09-11 19:07 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-09-11 19:07 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-09-11 19:07 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-09-11 19:07 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-09-11 19:07 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-09-11 19:07 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-09-11 19:07 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-09-11 19:07 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-09-11 19:07 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-09-11 19:07 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-09-11 19:07 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-09-11 19:07 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-09-11 19:07 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-09-11 19:07 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-09-11 19:07 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-09-11 19:07 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-09-11 19:07 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-09-11 19:07 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-09-11 19:07 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-09-11 19:07 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-09-11 19:07 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-09-11 19:07 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-09-11 19:07 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-09-11 19:07 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2016-09-11 19:07 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2016-09-11 19:07 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-09-11 19:07 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-09-11 19:07 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2016-09-11 19:07 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2016-09-11 19:07 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-09-11 19:07 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-09-11 19:07 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2016-09-11 19:07 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-09-11 19:07 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2016-09-11 19:07 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-09-11 19:07 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2016-09-11 19:07 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-09-11 19:07 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2016-09-11 19:07 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2016-09-11 19:07 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-09-11 19:07 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-09-11 19:07 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2016-09-11 19:07 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-09-11 19:07 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2016-09-11 19:07 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-09-11 19:07 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2016-09-11 19:07 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-09-11 19:07 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2016-09-11 19:07 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-09-11 19:07 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2016-09-11 19:07 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-09-11 19:07 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2016-09-11 19:07 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-09-11 19:07 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2016-09-11 19:07 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-09-11 19:07 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2016-09-11 19:07 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-09-11 19:07 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2016-09-11 19:07 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-09-11 19:07 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2016-09-11 19:07 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-09-11 19:07 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2016-09-11 19:07 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-09-11 19:07 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2016-09-11 19:07 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-09-11 19:07 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2016-09-11 19:07 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-09-11 19:07 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2016-09-11 19:07 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-09-11 19:07 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2016-09-11 19:07 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-09-11 19:07 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2016-09-11 19:07 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-09-11 19:07 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2016-09-11 19:07 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-09-11 19:07 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-09-11 19:07 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-09-11 19:07 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-09-11 19:07 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-09-11 19:07 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-09-11 19:07 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-09-11 19:07 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-09-11 19:07 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-09-11 19:07 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-09-11 19:07 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-09-11 19:07 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-09-11 19:07 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-09-11 19:07 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2016-09-11 19:07 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2016-09-11 19:07 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-09-11 19:07 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-09-11 19:07 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-09-11 19:07 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-09-11 19:07 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2016-09-11 19:07 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-09-11 19:07 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2016-09-11 19:07 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2016-09-11 19:07 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-09-11 19:07 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-09-11 19:07 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-09-11 19:07 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2016-09-11 19:07 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2016-09-11 19:07 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2016-09-11 19:07 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-09-11 19:07 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-09-11 19:07 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2016-09-11 19:07 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-09-11 19:07 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2016-09-11 19:07 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-09-11 19:07 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2016-09-11 19:07 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-09-11 19:07 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2016-09-11 19:07 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-09-11 19:07 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2016-09-11 19:07 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-09-11 19:07 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2016-09-11 19:07 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-09-11 19:07 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2016-09-11 19:07 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-09-11 19:07 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2016-09-11 19:07 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-09-11 19:07 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2016-09-11 19:07 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-09-11 19:07 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2016-09-11 19:07 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-09-11 19:07 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2016-09-11 18:19 - 2016-09-11 18:19 - 00000000 ____D C:\Program Files\CMAK
2016-09-11 18:19 - 2016-09-11 18:19 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-09-11 18:05 - 2016-09-11 18:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-11 18:05 - 2016-09-11 18:05 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-11 17:54 - 2016-08-27 01:12 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-11 17:54 - 2016-08-27 01:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-09-11 17:54 - 2016-08-27 00:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-09-11 17:54 - 2016-08-27 00:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-09-11 17:54 - 2016-08-27 00:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-09-11 17:54 - 2016-08-27 00:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-11 17:54 - 2016-08-27 00:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-09-11 17:54 - 2016-08-27 00:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-09-11 17:54 - 2016-08-27 00:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-11 17:54 - 2016-08-20 02:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-11 17:54 - 2016-08-20 02:04 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-11 17:54 - 2016-08-20 01:52 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-11 17:54 - 2016-08-20 01:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-11 17:54 - 2016-08-20 01:52 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-11 17:54 - 2016-08-20 01:52 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-11 17:54 - 2016-08-20 01:52 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-11 17:54 - 2016-08-20 01:52 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-11 17:54 - 2016-08-20 01:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-11 17:54 - 2016-08-20 01:52 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-09-11 17:54 - 2016-08-20 01:51 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-11 17:54 - 2016-08-20 01:50 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-11 17:54 - 2016-08-20 01:50 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-11 17:54 - 2016-08-20 01:50 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-11 17:54 - 2016-08-20 01:50 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-11 17:54 - 2016-08-20 01:50 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-11 17:54 - 2016-08-20 01:50 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-11 17:54 - 2016-08-20 01:50 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-09-11 17:54 - 2016-08-20 01:50 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-11 17:54 - 2016-08-20 01:47 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-11 17:54 - 2016-08-20 01:47 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-11 17:54 - 2016-08-20 01:47 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-11 17:54 - 2016-08-20 01:34 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-09-11 17:54 - 2016-08-20 01:34 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-09-11 17:54 - 2016-08-20 01:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-09-11 17:54 - 2016-08-20 01:33 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-11 17:54 - 2016-08-20 01:33 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-11 17:54 - 2016-08-20 01:32 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-09-11 17:54 - 2016-08-20 01:32 - 00846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-11 17:54 - 2016-08-20 01:29 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-11 17:54 - 2016-08-20 01:29 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-09-11 17:54 - 2016-08-20 01:29 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-09-11 17:54 - 2016-08-20 01:22 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-11 17:54 - 2016-08-20 01:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-11 17:54 - 2016-08-20 01:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-11 17:54 - 2016-08-20 01:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-11 17:54 - 2016-08-20 01:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-09-11 17:54 - 2016-08-20 01:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-11 17:54 - 2016-08-20 01:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-11 17:54 - 2016-08-20 01:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-11 17:54 - 2016-08-20 01:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-09-11 17:54 - 2016-08-20 01:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-09-11 17:54 - 2016-08-20 01:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-11 17:54 - 2016-08-20 01:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-09-11 17:54 - 2016-08-20 01:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-09-11 17:54 - 2016-08-20 01:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-11 17:54 - 2016-08-20 01:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-11 17:54 - 2016-08-20 01:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-09-11 17:54 - 2016-08-20 01:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-09-11 17:54 - 2016-08-20 01:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-09-11 17:54 - 2016-08-20 01:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-09-11 17:54 - 2016-08-20 01:17 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-11 17:54 - 2016-08-20 01:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-11 17:54 - 2016-08-20 01:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-11 17:54 - 2016-08-20 01:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-11 17:54 - 2016-08-20 01:16 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-11 17:54 - 2016-08-20 01:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-09-11 17:54 - 2016-08-20 01:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-09-11 17:54 - 2016-08-20 01:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-11 17:54 - 2016-08-20 01:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-09-11 17:54 - 2016-08-20 01:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-11 17:54 - 2016-08-20 01:14 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-11 17:54 - 2016-08-20 01:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-09-11 17:54 - 2016-08-20 01:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-09-11 17:54 - 2016-08-20 01:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-09-11 17:54 - 2016-08-20 01:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-11 17:54 - 2016-08-20 01:13 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-11 17:54 - 2016-08-20 01:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-11 17:54 - 2016-08-20 01:13 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-11 17:54 - 2016-08-20 01:12 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-11 17:54 - 2016-08-20 01:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-11 17:54 - 2016-08-20 01:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-11 17:54 - 2016-08-20 01:12 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-11 17:54 - 2016-08-20 01:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-11 17:54 - 2016-08-20 01:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-11 17:54 - 2016-08-20 01:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-11 17:54 - 2016-08-20 01:11 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-11 17:54 - 2016-08-20 01:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-09-11 17:54 - 2016-08-20 01:10 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-11 17:54 - 2016-08-20 01:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-11 17:54 - 2016-08-20 01:09 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-11 17:54 - 2016-08-20 01:09 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-11 17:54 - 2016-08-20 01:09 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-11 17:54 - 2016-08-20 01:08 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-11 17:54 - 2016-08-20 01:08 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-11 17:54 - 2016-08-20 01:08 - 00204288 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-11 17:54 - 2016-08-20 01:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-11 17:54 - 2016-08-20 01:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-11 17:54 - 2016-08-20 01:07 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-11 17:54 - 2016-08-20 01:07 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-11 17:54 - 2016-08-20 01:07 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-11 17:54 - 2016-08-20 01:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-09-11 17:54 - 2016-08-20 01:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-11 17:54 - 2016-08-20 01:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-11 17:54 - 2016-08-20 01:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-11 17:54 - 2016-08-20 01:06 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-11 17:54 - 2016-08-20 01:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-11 17:54 - 2016-08-20 01:05 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-11 17:54 - 2016-08-20 01:04 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-11 17:54 - 2016-08-20 01:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-11 17:54 - 2016-08-20 01:04 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-11 17:54 - 2016-08-20 01:04 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-11 17:54 - 2016-08-20 01:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-09-11 17:54 - 2016-08-20 01:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-09-11 17:54 - 2016-08-20 01:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-11 17:54 - 2016-08-20 01:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-11 17:54 - 2016-08-20 01:02 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-11 17:54 - 2016-08-20 01:01 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-09-11 17:54 - 2016-08-20 01:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-11 17:54 - 2016-08-20 01:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-11 17:54 - 2016-08-20 01:00 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-11 17:54 - 2016-08-20 01:00 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-11 17:54 - 2016-08-20 01:00 - 00141824 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-09-11 17:54 - 2016-08-20 00:59 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-11 17:54 - 2016-08-20 00:59 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-11 17:54 - 2016-08-20 00:59 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-11 17:54 - 2016-08-20 00:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-11 17:54 - 2016-08-20 00:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-11 17:54 - 2016-08-20 00:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-09-11 17:54 - 2016-08-20 00:57 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-11 17:54 - 2016-08-20 00:57 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-11 17:54 - 2016-08-20 00:57 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-11 17:54 - 2016-08-20 00:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-11 17:54 - 2016-08-20 00:56 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-11 17:54 - 2016-08-20 00:56 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-11 17:54 - 2016-08-20 00:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-11 17:54 - 2016-08-20 00:56 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-11 17:54 - 2016-08-20 00:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-11 17:54 - 2016-08-20 00:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-09-11 17:54 - 2016-08-20 00:55 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-11 17:54 - 2016-08-20 00:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-11 17:54 - 2016-08-20 00:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-09-11 17:54 - 2016-08-20 00:53 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-11 17:54 - 2016-08-20 00:52 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-09-11 17:54 - 2016-08-20 00:51 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-11 17:54 - 2016-08-20 00:51 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-09-11 17:54 - 2016-08-20 00:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-11 17:54 - 2016-08-06 00:31 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-11 17:54 - 2016-08-06 00:23 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-09-11 17:54 - 2016-08-06 00:18 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-11 17:54 - 2016-08-06 00:18 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-11 17:54 - 2016-08-06 00:18 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-11 17:54 - 2016-08-06 00:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-09-11 17:54 - 2016-08-06 00:17 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-11 17:54 - 2016-08-06 00:17 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-11 17:54 - 2016-08-06 00:16 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-11 17:54 - 2016-08-06 00:13 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-09-11 17:54 - 2016-08-06 00:13 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-11 17:54 - 2016-08-06 00:13 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-11 17:54 - 2016-08-06 00:13 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-11 17:54 - 2016-08-06 00:08 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-11 17:54 - 2016-08-06 00:08 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-11 17:54 - 2016-08-06 00:08 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-09-11 17:54 - 2016-08-06 00:08 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-09-11 17:54 - 2016-08-06 00:03 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-09-11 17:54 - 2016-08-06 00:03 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-09-11 17:54 - 2016-08-06 00:03 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-11 17:54 - 2016-08-06 00:03 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-09-11 17:54 - 2016-08-05 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-09-11 17:54 - 2016-08-05 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-11 17:54 - 2016-08-05 23:48 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-11 17:54 - 2016-08-05 23:48 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-09-11 17:54 - 2016-08-05 23:47 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-09-11 17:54 - 2016-08-05 23:47 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-09-11 17:54 - 2016-08-05 23:46 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-09-11 17:54 - 2016-08-05 23:46 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-09-11 17:54 - 2016-08-05 23:46 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-09-11 17:54 - 2016-08-05 23:45 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-09-11 17:54 - 2016-08-05 23:45 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-09-11 17:54 - 2016-08-05 23:45 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-09-11 17:54 - 2016-08-05 23:44 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-09-11 17:54 - 2016-08-05 23:44 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-09-11 17:54 - 2016-08-05 23:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-11 17:54 - 2016-08-05 23:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-09-11 17:54 - 2016-08-05 23:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-09-11 17:54 - 2016-08-05 23:41 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-09-11 17:54 - 2016-08-05 23:41 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-09-11 17:54 - 2016-08-05 23:41 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-11 17:54 - 2016-08-05 23:41 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-09-11 17:54 - 2016-08-05 23:41 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-09-11 17:54 - 2016-08-05 23:41 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-09-11 17:54 - 2016-08-05 23:40 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-09-11 17:54 - 2016-08-05 23:40 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-09-11 17:54 - 2016-08-05 23:39 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-11 17:54 - 2016-08-05 23:39 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-09-11 17:54 - 2016-08-05 23:39 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-09-11 17:54 - 2016-08-05 23:38 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-11 17:54 - 2016-08-05 23:38 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-11 17:54 - 2016-08-05 23:36 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-09-11 17:54 - 2016-08-05 23:33 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-09-11 17:54 - 2016-08-05 23:31 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-11 17:54 - 2016-08-05 23:31 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-11 17:54 - 2016-08-05 23:31 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-11 17:54 - 2016-08-05 23:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-11 17:54 - 2016-08-05 23:31 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-09-11 17:54 - 2016-08-05 23:30 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-11 17:54 - 2016-08-05 23:30 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-11 17:54 - 2016-08-05 23:29 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-11 17:54 - 2016-08-05 23:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-11 17:54 - 2016-08-05 23:29 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-11 17:54 - 2016-08-05 23:29 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-09-11 17:54 - 2016-08-05 23:28 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-11 17:54 - 2016-08-05 23:28 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-11 17:54 - 2016-08-05 23:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-09-11 17:54 - 2016-08-05 23:26 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-09-11 17:54 - 2016-08-05 23:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-09-11 17:54 - 2016-08-05 23:25 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-11 17:54 - 2016-08-05 23:23 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-11 17:54 - 2016-08-05 23:23 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-11 17:54 - 2016-08-05 23:23 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-09-11 17:54 - 2016-08-05 23:23 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-11 17:54 - 2016-08-05 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-09-11 17:54 - 2016-08-05 23:23 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-11 17:54 - 2016-08-05 23:23 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-09-11 17:54 - 2016-08-05 23:23 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-09-11 17:54 - 2016-08-05 23:21 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-09-11 17:54 - 2016-08-05 23:19 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-11 17:54 - 2016-08-05 23:19 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-09-11 17:54 - 2016-08-02 04:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-11 17:54 - 2016-08-02 03:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-11 17:54 - 2016-08-02 00:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-09-11 17:54 - 2016-07-21 21:25 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-09-11 17:54 - 2016-07-21 21:18 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-09-11 17:54 - 2016-07-21 20:32 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-11 17:54 - 2016-07-21 20:31 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-11 17:53 - 2016-08-27 08:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-11 17:53 - 2016-08-27 05:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-11 17:53 - 2016-08-27 00:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-09-11 17:53 - 2016-08-27 00:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-09-11 17:53 - 2016-08-20 02:26 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-11 17:53 - 2016-08-20 02:13 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-11 17:53 - 2016-08-20 02:06 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-11 17:53 - 2016-08-20 02:06 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-11 17:53 - 2016-08-20 02:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-09-11 17:53 - 2016-08-20 02:04 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-11 17:53 - 2016-08-20 02:04 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-11 17:53 - 2016-08-20 02:03 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-11 17:53 - 2016-08-20 02:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-11 17:53 - 2016-08-20 01:50 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-09-11 17:53 - 2016-08-20 01:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-11 17:53 - 2016-08-20 01:43 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-11 17:53 - 2016-08-20 01:42 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-11 17:53 - 2016-08-20 01:25 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-11 17:53 - 2016-08-20 01:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-09-11 17:53 - 2016-08-20 01:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-11 17:53 - 2016-08-20 01:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-09-11 17:53 - 2016-08-20 01:12 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-11 17:53 - 2016-08-20 01:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-11 17:53 - 2016-08-20 01:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-11 17:53 - 2016-08-20 01:09 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-11 17:53 - 2016-08-20 01:08 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-11 17:53 - 2016-08-20 01:07 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-11 17:53 - 2016-08-20 01:05 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-11 17:53 - 2016-08-20 01:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-09-11 17:53 - 2016-08-20 01:03 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-11 17:53 - 2016-08-20 01:03 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-11 17:53 - 2016-08-20 01:00 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-11 17:53 - 2016-08-20 00:59 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-11 17:53 - 2016-08-20 00:59 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-11 17:53 - 2016-08-20 00:59 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-11 17:53 - 2016-08-20 00:57 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-11 17:53 - 2016-08-20 00:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-11 17:53 - 2016-08-20 00:53 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-11 17:53 - 2016-08-20 00:53 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-11 17:53 - 2016-08-20 00:50 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-09-11 17:53 - 2016-08-20 00:49 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-11 17:53 - 2016-08-20 00:46 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-09-11 17:53 - 2016-08-18 21:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-11 17:53 - 2016-08-06 00:33 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-11 17:53 - 2016-08-06 00:31 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-09-11 17:53 - 2016-08-06 00:29 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-11 17:53 - 2016-08-06 00:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-09-11 17:53 - 2016-08-06 00:17 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-09-11 17:53 - 2016-08-06 00:15 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-09-11 17:53 - 2016-08-06 00:13 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-09-11 17:53 - 2016-08-06 00:13 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-09-11 17:53 - 2016-08-06 00:09 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-09-11 17:53 - 2016-08-06 00:08 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-11 17:53 - 2016-08-06 00:08 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-11 17:53 - 2016-08-06 00:04 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-11 17:53 - 2016-08-06 00:03 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-09-11 17:53 - 2016-08-06 00:02 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-09-11 17:53 - 2016-08-05 23:48 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-09-11 17:53 - 2016-08-05 23:48 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-09-11 17:53 - 2016-08-05 23:48 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-09-11 17:53 - 2016-08-05 23:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-09-11 17:53 - 2016-08-05 23:48 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-09-11 17:53 - 2016-08-05 23:47 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-09-11 17:53 - 2016-08-05 23:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-09-11 17:53 - 2016-08-05 23:47 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-09-11 17:53 - 2016-08-05 23:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-09-11 17:53 - 2016-08-05 23:46 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-11 17:53 - 2016-08-05 23:46 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-09-11 17:53 - 2016-08-05 23:45 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-09-11 17:53 - 2016-08-05 23:45 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-09-11 17:53 - 2016-08-05 23:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-09-11 17:53 - 2016-08-05 23:45 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-09-11 17:53 - 2016-08-05 23:45 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-09-11 17:53 - 2016-08-05 23:44 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-09-11 17:53 - 2016-08-05 23:43 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-09-11 17:53 - 2016-08-05 23:42 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-09-11 17:53 - 2016-08-05 23:41 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-11 17:53 - 2016-08-05 23:41 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-09-11 17:53 - 2016-08-05 23:40 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-09-11 17:53 - 2016-08-05 23:40 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-09-11 17:53 - 2016-08-05 23:40 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-09-11 17:53 - 2016-08-05 23:39 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-09-11 17:53 - 2016-08-05 23:37 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-09-11 17:53 - 2016-08-05 23:33 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-11 17:53 - 2016-08-05 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-09-11 17:53 - 2016-08-05 23:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-11 17:53 - 2016-08-05 23:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-11 17:53 - 2016-08-05 23:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-11 17:53 - 2016-08-05 23:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-09-11 17:53 - 2016-08-05 05:14 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-09-11 17:53 - 2016-08-05 05:12 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-11 17:53 - 2016-08-05 05:10 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-09-11 17:53 - 2016-08-05 05:05 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-09-11 17:53 - 2016-08-05 04:29 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-09-11 17:53 - 2016-08-05 04:28 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-09-11 17:53 - 2016-08-05 04:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-09-11 17:53 - 2016-08-05 04:22 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-09-11 17:53 - 2016-08-05 04:20 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-11 17:53 - 2016-08-05 04:20 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-11 17:53 - 2016-08-05 04:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-09-11 17:53 - 2016-08-05 04:08 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-09-11 17:53 - 2016-08-02 04:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-09-11 17:53 - 2016-07-21 21:32 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-09-11 17:53 - 2016-07-21 21:18 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-11 17:53 - 2016-07-21 21:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-11 17:45 - 2016-09-11 17:49 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-11 17:41 - 2016-09-11 17:41 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-09-11 17:41 - 2016-09-11 17:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-11 17:41 - 2016-09-11 17:41 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Sun
2016-09-11 17:41 - 2016-09-11 17:41 - 00000000 ____D C:\Users\AJ\AppData\LocalLow\Sun
2016-09-11 17:41 - 2016-09-11 17:41 - 00000000 ____D C:\Users\AJ\.oracle_jre_usage
2016-09-11 17:41 - 2016-09-11 17:41 - 00000000 ____D C:\ProgramData\Oracle
2016-09-11 17:41 - 2016-09-11 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-11 17:41 - 2016-09-11 17:41 - 00000000 ____D C:\Program Files\Java
2016-09-11 17:40 - 2016-09-11 18:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-11 17:40 - 2016-09-11 18:34 - 00000000 ____D C:\ProgramData\Adobe
2016-09-11 17:40 - 2016-09-11 17:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-11 17:38 - 2016-09-11 17:41 - 00000000 ____D C:\Users\AJ\AppData\Local\Adobe
2016-09-11 17:35 - 2016-09-11 17:35 - 00000000 ____D C:\WINDOWS\Panther
2016-09-11 17:32 - 2016-09-13 19:24 - 00000000 ____D C:\AdwCleaner
2016-09-11 16:16 - 2016-09-11 16:16 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-09-11 16:16 - 2016-09-11 16:16 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-09-11 16:07 - 2016-09-12 17:10 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-11 15:40 - 2016-09-12 17:10 - 00000000 ____D C:\Users\AJ\AppData\Local\Steam
2016-09-11 15:40 - 2016-09-11 15:40 - 00000000 ____D C:\Users\AJ\AppData\Local\CEF
2016-09-11 15:37 - 2016-09-11 15:37 - 00000000 ____D C:\Users\AJ\Desktop\Work
2016-09-11 15:35 - 2016-09-11 17:35 - 00000000 ____D C:\Users\AJ\Desktop\Sys
2016-09-11 15:34 - 2016-09-12 17:15 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-11 15:34 - 2016-09-11 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-11 15:33 - 2016-09-13 19:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-11 15:33 - 2016-09-11 15:33 - 00000000 ____D C:\Users\AJ\AppData\Local\NVIDIA Corporation
2016-09-11 15:33 - 2016-09-11 15:33 - 00000000 ____D C:\Temp
2016-09-11 15:33 - 2016-09-11 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-11 15:33 - 2016-09-11 15:33 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-11 15:33 - 2016-08-25 19:27 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-09-11 15:33 - 2016-08-25 19:27 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-09-11 15:33 - 2016-08-25 19:27 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-09-11 15:33 - 2016-08-25 19:27 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-09-11 15:33 - 2016-08-25 19:27 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-09-11 15:33 - 2016-08-25 16:53 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-09-11 15:33 - 2016-05-03 22:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-09-11 15:33 - 2016-05-03 22:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-09-11 15:33 - 2016-05-03 22:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-09-11 15:33 - 2016-05-03 22:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-09-11 15:33 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-09-11 15:33 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-09-11 15:33 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-09-11 15:33 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-09-11 15:33 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-09-11 15:33 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-09-11 15:32 - 2016-09-11 21:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-11 15:32 - 2016-08-25 19:27 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-09-11 15:32 - 2016-08-25 19:27 - 00203320 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-09-11 15:32 - 2016-08-25 17:12 - 06384064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-09-11 15:32 - 2016-08-25 17:12 - 02475064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-09-11 15:32 - 2016-08-25 17:12 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-09-11 15:32 - 2016-08-25 17:12 - 01362368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-09-11 15:32 - 2016-08-25 17:12 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-09-11 15:32 - 2016-08-25 17:12 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-09-11 15:32 - 2016-08-25 17:12 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-09-11 15:32 - 2016-08-25 17:12 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-09-11 15:32 - 2016-08-22 11:17 - 07320235 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-09-11 15:31 - 2016-08-25 19:27 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 35180992 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 34842680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 28238904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 10865888 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 10746896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 10288040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 09094048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 08875408 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 08687888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 03906992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 03448808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 02912192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 02549184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437270.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 01588688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 01586560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437270.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 01020472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00958008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00941504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00894520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00802584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00801744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00686712 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00642392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00616648 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00576168 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00439352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00394704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00386104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00347072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00327224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00223304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-09-11 15:31 - 2016-08-25 19:27 - 00113208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00102968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00056376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-09-11 15:31 - 2016-08-25 19:27 - 00054728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-09-11 15:31 - 2016-08-25 19:27 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-09-11 15:31 - 2016-08-25 19:27 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-09-11 15:31 - 2016-08-25 19:27 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-09-11 15:25 - 2016-09-11 15:25 - 00000000 ____D C:\ProgramData\USOShared
2016-09-11 14:10 - 2016-09-12 22:47 - 00000700 __RSH C:\ProgramData\ntuser.pol
2016-09-11 14:08 - 2016-09-11 14:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-09-11 13:48 - 2016-09-11 13:48 - 00000000 ____D C:\Users\AJ\AppData\Local\PeerDistRepub
2016-09-11 13:35 - 2016-09-11 13:35 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-09-11 13:35 - 2016-09-11 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-11 13:35 - 2016-09-11 13:35 - 00000000 ____D C:\Program Files\CCleaner
2016-09-11 13:07 - 2016-09-11 13:07 - 00000000 ____D C:\Users\AJ\AppData\Local\ElevatedDiagnostics
2016-09-11 13:05 - 2016-09-11 13:05 - 00252560 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2016-09-11 13:05 - 2016-09-11 13:05 - 00000000 ____D C:\Users\AJ\AppData\Local\Kaspersky Lab
2016-09-11 13:05 - 2016-09-11 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2016-09-11 13:02 - 2016-09-11 21:00 - 00000000 ____D C:\Users\AJ\AppData\Local\NVIDIA
2016-09-11 13:02 - 2016-09-11 13:02 - 00223528 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2016-09-11 13:02 - 2016-09-11 13:02 - 00167904 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2016-09-11 13:02 - 2016-09-11 13:02 - 00112336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2016-09-11 12:58 - 2016-09-11 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-09-11 12:57 - 2016-09-13 19:20 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-11 12:57 - 2016-09-13 19:19 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-09-11 12:57 - 2016-09-11 13:05 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-09-11 12:57 - 2016-09-11 13:04 - 01012056 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-09-11 12:57 - 2016-09-11 13:04 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-09-11 12:57 - 2016-09-11 13:03 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-11 12:57 - 2016-09-11 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-09-11 12:57 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-09-11 12:57 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-09-11 12:50 - 2016-09-12 17:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-11 12:50 - 2016-09-11 15:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-11 12:50 - 2016-09-11 15:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-11 12:43 - 2016-09-11 12:43 - 00002376 _____ C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-11 12:43 - 2016-09-11 12:43 - 00000000 ___RD C:\Users\AJ\OneDrive
2016-09-11 12:43 - 2016-09-11 12:43 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-11 12:41 - 2016-09-11 21:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-11 12:41 - 2016-09-11 13:02 - 00000000 ____D C:\Users\AJ\AppData\Local\ConnectedDevicesPlatform
2016-09-11 12:41 - 2016-09-11 12:41 - 00001051 _____ C:\Users\AJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-09-11 12:41 - 2016-09-11 12:41 - 00000020 ___SH C:\Users\AJ\ntuser.ini
2016-09-11 12:41 - 2016-09-11 12:41 - 00000000 ____D C:\Users\AJ\AppData\Local\TileDataLayer
2016-09-11 12:41 - 2016-09-11 12:41 - 00000000 ____D C:\Users\AJ\AppData\Local\Publishers
2016-09-11 12:41 - 2016-09-11 12:41 - 00000000 ____D C:\Users\AJ\AppData\Local\Comms
2016-09-11 12:30 - 2016-09-13 19:18 - 00959754 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-11 12:28 - 2016-09-11 12:28 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-09-11 12:28 - 2016-09-11 12:28 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-09-11 12:28 - 2016-09-11 12:28 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-11 12:28 - 2016-09-11 12:28 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-11 12:28 - 2016-09-11 12:28 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-11 12:28 - 2016-09-11 12:28 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-11 12:28 - 2016-09-11 12:28 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-11 12:28 - 2016-09-11 12:28 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-11 12:28 - 2016-09-11 12:28 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-11 12:27 - 2016-09-13 19:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-11 12:27 - 2016-09-11 12:27 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-09-11 12:27 - 2016-09-11 12:27 - 00003296 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-11 12:27 - 2016-09-11 12:27 - 00003068 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-11 12:27 - 2016-09-11 12:27 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3895701127-2468208170-3203695500-1001
2016-09-11 12:24 - 2016-09-11 12:24 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-11 12:23 - 2016-09-11 12:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-09-11 12:22 - 2016-09-12 17:15 - 00000000 ____D C:\Users\AJ
2016-09-11 12:22 - 2016-09-11 12:22 - 00000000 _SHDL C:\Users\AJ\My Documents
2016-09-11 12:22 - 2016-09-11 12:22 - 00000000 _SHDL C:\Users\AJ\Documents\My Videos
2016-09-11 12:22 - 2016-09-11 12:22 - 00000000 _SHDL C:\Users\AJ\Documents\My Pictures
2016-09-11 12:22 - 2016-09-11 12:22 - 00000000 _SHDL C:\Users\AJ\Documents\My Music
2016-09-11 12:22 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-09-11 12:19 - 2016-09-13 19:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-11 12:19 - 2016-09-11 15:18 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-11 12:19 - 2016-09-11 12:19 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-09-11 12:10 - 2016-09-11 12:10 - 00000117 _____ C:\WINDOWS\system32\netcfg-4113203.txt
2016-09-11 11:38 - 2016-09-11 17:51 - 00000000 ____D C:\Users\AJ\Desktop\Security and Organization
2016-09-11 11:36 - 2016-09-11 17:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-11 11:36 - 2016-09-11 11:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-11 11:36 - 2016-09-11 11:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-11 11:36 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-11 11:36 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-11 11:36 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-11 11:26 - 2016-09-11 13:52 - 00000000 ____D C:\ESD
2016-09-11 11:25 - 2016-09-11 11:25 - 00000366 _____ C:\Users\AJ\AppData\Local\LMIR0002.tmp_r.bat
2016-09-11 11:02 - 2016-09-11 11:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-21718.txt
2016-09-11 11:02 - 2016-09-11 11:02 - 00000117 _____ C:\WINDOWS\system32\netcfg-1594000.txt
2016-09-11 10:35 - 2016-09-11 10:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-7144968.txt
2016-09-11 10:35 - 2016-09-11 10:35 - 00000117 _____ C:\WINDOWS\system32\netcfg-27890.txt
2016-09-11 10:16 - 2016-09-11 10:16 - 00000000 _____ C:\WINDOWS\system32\0
2016-09-11 09:48 - 2016-09-11 11:24 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue RC - f981377f-a654-4d3a-9b4a-74139b162260
2016-09-11 09:47 - 2016-09-11 11:25 - 00000000 ____D C:\Users\AJ\AppData\Local\LogMeIn Rescue Applet
2016-09-11 09:37 - 2016-09-12 20:08 - 00000000 ____D C:\Users\AJ\AppData\Roaming\VMware
2016-09-11 09:37 - 2016-09-12 20:08 - 00000000 ____D C:\Users\AJ\AppData\Local\VMware
2016-09-11 09:21 - 2016-09-11 09:21 - 00001189 _____ C:\WINDOWS\system32\netcfg-2710734.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00001189 _____ C:\WINDOWS\system32\netcfg-2706984.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000161 _____ C:\WINDOWS\system32\netcfg-2716078.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000161 _____ C:\WINDOWS\system32\netcfg-2710406.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000157 _____ C:\WINDOWS\system32\netcfg-2699078.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000132 _____ C:\WINDOWS\system32\netcfg-2710968.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000132 _____ C:\WINDOWS\system32\netcfg-2710328.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-2722546.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-2710921.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-2710359.txt
2016-09-11 09:21 - 2016-09-11 09:21 - 00000117 _____ C:\WINDOWS\system32\netcfg-2707140.txt
2016-09-11 09:21 - 2016-04-14 17:17 - 00934080 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2016-09-11 09:21 - 2016-04-14 17:17 - 00392896 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2016-09-11 09:21 - 2016-04-14 17:17 - 00358080 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2016-09-11 09:21 - 2016-04-14 17:17 - 00066752 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2016-09-11 09:21 - 2016-04-14 16:53 - 00026816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2016-09-11 09:21 - 2016-03-10 08:03 - 00057536 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2016-09-11 09:21 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2016-09-11 09:21 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2016-09-11 09:21 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2016-09-11 09:20 - 2016-09-13 19:03 - 00000000 ____D C:\ProgramData\VMware
2016-09-11 09:20 - 2016-09-11 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2016-09-11 09:20 - 2016-09-11 09:20 - 00811864 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-09-11 09:20 - 2016-09-11 09:20 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2016-09-11 09:20 - 2016-09-11 09:20 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2016-09-11 09:20 - 2016-09-11 09:20 - 00000000 ____D C:\Program Files\Common Files\VMware
2016-09-11 09:20 - 2016-09-11 09:20 - 00000000 ____D C:\Program Files (x86)\VMware
2016-09-11 08:54 - 2016-09-11 08:54 - 00000269 _____ C:\WINDOWS\system32\netcfg-1125609.txt
2016-09-11 08:54 - 2016-09-11 08:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-1132234.txt
2016-09-11 08:54 - 2016-09-11 08:54 - 00000117 _____ C:\WINDOWS\system32\netcfg-1123531.txt
2016-09-11 08:49 - 2016-09-11 12:28 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-11 08:49 - 2016-09-11 12:28 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-11 08:48 - 2016-09-11 11:53 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-11 08:48 - 2016-09-11 11:02 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-11 08:48 - 2016-09-11 09:57 - 00000000 ____D C:\Users\AJ\AppData\Local\Google
2016-09-11 08:48 - 2016-09-11 08:49 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-11 08:48 - 2016-09-11 08:48 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Macromedia
2016-09-11 08:47 - 2016-09-11 08:47 - 00000117 _____ C:\WINDOWS\system32\netcfg-713187.txt
2016-09-11 08:45 - 2016-09-11 08:45 - 00000000 ____D C:\Users\AJ\AppData\Roaming\Adobe
2016-09-11 08:44 - 2016-09-11 21:17 - 00000000 ____D C:\Users\AJ\AppData\Local\Packages
2016-09-11 08:44 - 2016-09-11 12:23 - 00000000 ____D C:\ProgramData\PRICache
2016-09-11 08:44 - 2016-09-11 08:44 - 00000000 ____D C:\Users\AJ\AppData\Local\VirtualStore
2016-09-11 08:41 - 2016-09-11 08:41 - 00000000 ____D C:\WINDOWS\CSC
2016-09-11 08:39 - 2016-09-11 08:39 - 00001139 _____ C:\WINDOWS\system32\netcfg-187125.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00001136 _____ C:\WINDOWS\system32\netcfg-31781.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00001110 _____ C:\WINDOWS\system32\netcfg-35906.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000185 _____ C:\WINDOWS\system32\netcfg-29218.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000171 _____ C:\WINDOWS\system32\netcfg-36609.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000164 _____ C:\WINDOWS\system32\netcfg-27343.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000161 _____ C:\WINDOWS\system32\netcfg-28734.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000160 _____ C:\WINDOWS\system32\netcfg-28437.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000160 _____ C:\WINDOWS\system32\netcfg-27953.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000160 _____ C:\WINDOWS\system32\netcfg-27140.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000159 _____ C:\WINDOWS\system32\netcfg-27796.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000157 _____ C:\WINDOWS\system32\netcfg-28109.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000157 _____ C:\WINDOWS\system32\netcfg-27609.txt
2016-09-11 08:34 - 2016-09-11 08:34 - 00000150 _____ C:\WINDOWS\system32\netcfg-26906.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-13 19:15 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-13 19:09 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-13 19:09 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-12 16:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-11 20:57 - 2016-07-16 02:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-09-11 18:19 - 2016-07-16 10:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-11 18:19 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-09-11 18:18 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-11 16:18 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-11 15:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help
2016-09-11 15:25 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-11 14:10 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-09-11 14:10 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-09-11 13:04 - 2016-06-20 23:41 - 00050008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-09-11 13:04 - 2016-06-02 22:39 - 00127896 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2016-09-11 12:57 - 2016-07-16 07:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-09-11 12:57 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-09-11 12:57 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2016-09-11 12:29 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-11 12:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-11 12:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-11 12:28 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-11 12:28 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-11 12:26 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-11 12:24 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-09-11 12:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-09-11 12:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-11 12:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-09-11 12:23 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-11 12:22 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-11 12:20 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-11 12:20 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-26 01:43 - 2016-07-16 07:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-08-26 01:43 - 2016-07-16 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-09-11 11:25 - 2016-09-11 11:25 - 0000366 _____ () C:\Users\AJ\AppData\Local\LMIR0002.tmp_r.bat
 
Some files in TEMP:
====================
C:\Users\AJ\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\AJ\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\AJ\AppData\Local\Temp\nvStInst.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-11 12:19
 
==================== End of FRST.txt ============================
 
 
And an addition will be provided as an attached file. Again, thanks for your help.




#8 packetanalyzer


Posted 14 September 2016 - 09:13 PM

Thank you for the new log. Before I provide an FRST fix for you, I would like to confirm three things with you:

 

  1. Are you aware of the installation of LogMeInRescue? It appears it is installed and is used to provide remote access to your computer.
  2. If you click the Start button, type cmd.exe, right click cmd.exe and click Run as administrator, does Command Prompt open as administrator or does Command Prompt open as an administrator (if Command Prompt opens as administrator the Command Prompt title bar will say Administrator: Command Prompt)
  3. Your logs indicate there is a scheduled task named CreateExplorerShellUnelevatedTask. Did you create this scheduled task? If you did not, please also provide the contents of the file C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job. To do that, please perform the following steps.
  • Click the Start button, type cmd.exe, right click cmd.exe and click Run as administrator.
  • Copy and paste the code below into Command Prompt
schtasks.exe /query /tn CreateExplorerShellUnelevtedTask /FO list /v >"%userprofile%\Desktop\task.txt
  • Press Enter
  • Copy and paste the contents of C:\Users\AJ\Desktop\task.txt in your next reply.

 

Additionally, please copy and paste the contents of the following two files in your next reply:

 

  • C:\WINDOWS\system32\netcfg-713187.txt
  • C:\WINDOWS\system32\netcfg-187125.txt

Thank you,

 

packetanalyzer



#9 HYTTIOAOA


Posted 14 September 2016 - 11:37 PM

1. Hello again. I am aware of the installation of LogMeIn. I contacted Microsoft support and they helped me get my license key verified since I re-flashed my BIOS and the key was not validating Windows.

I know they were real as I had gone to the official Microsoft website. 

However, I had thought I had deleted it after the Microsoft support session, as it wasn't in my programs and features, I ran CCleaner, and the CCleaner registry cleaner.

 

2. Yes it says 'Administrator: Command Prompt'

 

3. I am not familiar with the 'CreateExplorerShellUnelevatedTask' task and I will provide the logs.

 

  • C:\WINDOWS\system32\netcfg-713187.txt:

 

Command line arguments: C:\Windows\system32\svchost.exe -k netsvcs

CSteelhead::CSteelhead
CSteelhead::~CSteelhead
 
  • C:\WINDOWS\system32\netcfg-187125.txt:
Command line arguments: DrvInst.exe "1" "0" "{5d624f94-8850-40c3-a3fa-a4fd2080baf3}\vwifimp_wfd\6&1c56663c&0&01" "" "" "49bc0ff67" "0000000000000000"
CSteelhead::CSteelhead
CSteelhead::HrUpdateRouterConfiguration
Updating dialin restrictions
Inside HrUpdateWanEndPoints
SLGetWindowsInformationDWORD(g_wszLP_MAXCONNECTIONS) succeeded and returned: 3
SLGetWindowsInformationDWORD(g_wszLP_DEFAULTCONNECTIONS) succeeded and returned: 2
Max WAN endpoints: 3
Default WAN endpoints: 2
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for PPPoE
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for PPTP
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for L2TP
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for SSTP
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for AGILEVPN
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for PPTP
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for L2TP
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for SSTP
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for AGILEVPN
CSteelhead::~CSteelhead
 
 
 
 
 
Also, I copied and pasted the code, but it doesn't seem to work
 
schtasks.exe /query /tn CreateExplorerShellUnelevtedTask /FO list /v >"%userprofile%\Desktop\task.txt
 
always ends up saying 'ERROR: The system cannot find the file specified.' and creates an empty .txt file named task.
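
Added example, not part of either post: the command as posted spells the task name CreateExplorerShellUnelevtedTask, while question 3 names it CreateExplorerShellUnelevatedTask, and the output path has no closing quote. A Command Prompt batch version of the same query follows, assuming the spelling in question 3 is the task's real name; it also captures the error text, so a failed lookup does not leave an empty task.txt.

```batch
@echo off
rem Added example, not from the thread.
rem Assumption: the task name is spelled as in the helper's question 3.
rem The output path is the one the helper asked for.
setlocal
set "TASK=CreateExplorerShellUnelevatedTask"
set "OUT=%USERPROFILE%\Desktop\task.txt"

rem The redirection target is created before schtasks runs, and schtasks
rem writes its error message to stderr. Without 2>&1 a failed query
rem therefore leaves an empty file; with it, the error lands in the file.
schtasks.exe /query /tn "%TASK%" /fo list /v > "%OUT%" 2>&1
if errorlevel 1 (
    echo Query for "%TASK%" failed; the reason is recorded in "%OUT%".
    echo Task names containing "ExplorerShell" known to the scheduler:
    rem List every registered task as CSV without headers and filter by name,
    rem which shows the exact spelling to pass to /tn.
    schtasks.exe /query /fo csv /nh | findstr /i "ExplorerShell"
    exit /b 1
)
echo Task details written to "%OUT%".
endlocal
```

Save it as a .cmd file and run it from the elevated Command Prompt opened in the first step; the verbose listing includes the "Task To Run" and "Run As User" fields, which are the ones to review for an unfamiliar task.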


#10 packetanalyzer


Posted 15 September 2016 - 07:33 PM

Hello HYTTIOAOA,

 

Thank you for the updated logs. There are a few things we can clean up. As to the strange netcfg files, you are far from alone and all indications are these files are artifacts created by Windows. I wanted to also answer the questions from your original request. Generally we do not have users run HJT because it is outdated and only looks for malware in certain places. I did review the HJT log however, and the entries you ask about do not indicate there was an infection. Additionally you asked about a cookie for a website that you did not go to. I suspect this cookie is a third party cookie. You can get information about how you get third party cookies, what third party cookies do, privacy concerns from third party cookies, and how to block third party cookies here.

 

 

 

++++ Step 1 FRST Fix ++++

 

  1. Press the Windows key + R on your keyboard at the same time (this will open Run)
  2. Type notepad.exe
  3. Press Enter
  4. Copy and paste the code below in the open notepad window
  5. Save the file as fixlist.txt in the same folder where the Farbar tool is running from (FRST should be on your desktop).
  6. Right click FRST64.exe
  7. Click Run as administrator
  8. Click the Fix button
  9. When FRST finishes running, your computer will restart itself
C:\WINDOWS\system32\netcfg-21718.txt
C:\WINDOWS\system32\netcfg-1594000.txt
C:\WINDOWS\system32\netcfg-7144968.txt
C:\WINDOWS\system32\netcfg-27890.txt
C:\WINDOWS\system32\netcfg-2710734.txt
C:\WINDOWS\system32\netcfg-2706984.txt
C:\WINDOWS\system32\netcfg-2716078.txt
C:\WINDOWS\system32\netcfg-2710406.txt
C:\WINDOWS\system32\netcfg-2699078.txt
C:\WINDOWS\system32\netcfg-2710968.txt
C:\WINDOWS\system32\netcfg-2710328.txt
C:\WINDOWS\system32\netcfg-2722546.txt
C:\WINDOWS\system32\netcfg-2710921.txt
C:\WINDOWS\system32\netcfg-2710359.txt
C:\WINDOWS\system32\netcfg-2707140.txt
C:\WINDOWS\system32\netcfg-1125609.txt
C:\WINDOWS\system32\netcfg-1132234.txt
C:\WINDOWS\system32\netcfg-1123531.txt
C:\WINDOWS\system32\netcfg-713187.txt
C:\WINDOWS\system32\netcfg-187125.txt
C:\WINDOWS\system32\netcfg-31781.txt
C:\WINDOWS\system32\netcfg-35906.txt
C:\WINDOWS\system32\netcfg-29218.txt
C:\WINDOWS\system32\netcfg-36609.txt
C:\WINDOWS\system32\netcfg-27343.txt
C:\WINDOWS\system32\netcfg-28734.txt
C:\WINDOWS\system32\netcfg-28437.txt
C:\WINDOWS\system32\netcfg-27953.txt
C:\WINDOWS\system32\netcfg-27140.txt
C:\WINDOWS\system32\netcfg-27796.txt
C:\WINDOWS\system32\netcfg-28109.txt
C:\WINDOWS\system32\netcfg-27609.txt
C:\WINDOWS\system32\netcfg-26906.txt
C:\WINDOWS\system32\0
C:\Users\AJ\AppData\Local\LMIR0002.tmp_r.bat
C:\Program Files (x86)\LogMeIn Rescue RC - f981377f-a654-4d3a-9b4a-74139b162260
C:\Users\AJ\AppData\Local\LogMeIn Rescue Applet
EmptyTemp:

++++ Step 2 Security Check ++++

 

  1. Download Security Check by screen317 from here
  2. Save it to your Desktop
  3. Right click SecurityCheck.exe and click Run as administrator
  4. Follow the onscreen instructions inside of the black box

 

++++ Step 3 Share Your Logs ++++

 

  1. Please post the contents of the Fixlog.txt file that was created when you ran the FRST fix in your next reply
  2. Please post the contents of the checkup.txt file that was created when you ran SecurityCheck in your next reply


#11 HYTTIOAOA


Posted 15 September 2016 - 08:47 PM

Hi, I have the Fixlog and checkup log.

 


Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by AJ (15-09-2016 21:36:29) Run:1
Running from C:\Users\AJ\Desktop
Loaded Profiles: AJ (Available Profiles: AJ)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\WINDOWS\system32\netcfg-21718.txt
C:\WINDOWS\system32\netcfg-1594000.txt
C:\WINDOWS\system32\netcfg-7144968.txt
C:\WINDOWS\system32\netcfg-27890.txt
C:\WINDOWS\system32\netcfg-2710734.txt
C:\WINDOWS\system32\netcfg-2706984.txt
C:\WINDOWS\system32\netcfg-2716078.txt
C:\WINDOWS\system32\netcfg-2710406.txt
C:\WINDOWS\system32\netcfg-2699078.txt
C:\WINDOWS\system32\netcfg-2710968.txt
C:\WINDOWS\system32\netcfg-2710328.txt
C:\WINDOWS\system32\netcfg-2722546.txt
C:\WINDOWS\system32\netcfg-2710921.txt
C:\WINDOWS\system32\netcfg-2710359.txt
C:\WINDOWS\system32\netcfg-2707140.txt
C:\WINDOWS\system32\netcfg-1125609.txt
C:\WINDOWS\system32\netcfg-1132234.txt
C:\WINDOWS\system32\netcfg-1123531.txt
C:\WINDOWS\system32\netcfg-713187.txt
C:\WINDOWS\system32\netcfg-187125.txt
C:\WINDOWS\system32\netcfg-31781.txt
C:\WINDOWS\system32\netcfg-35906.txt
C:\WINDOWS\system32\netcfg-29218.txt
C:\WINDOWS\system32\netcfg-36609.txt
C:\WINDOWS\system32\netcfg-27343.txt
C:\WINDOWS\system32\netcfg-28734.txt
C:\WINDOWS\system32\netcfg-28437.txt
C:\WINDOWS\system32\netcfg-27953.txt
C:\WINDOWS\system32\netcfg-27140.txt
C:\WINDOWS\system32\netcfg-27796.txt
C:\WINDOWS\system32\netcfg-28109.txt
C:\WINDOWS\system32\netcfg-27609.txt
C:\WINDOWS\system32\netcfg-26906.txt
C:\WINDOWS\system32\0
C:\Users\AJ\AppData\Local\LMIR0002.tmp_r.bat
C:\Program Files (x86)\LogMeIn Rescue RC - f981377f-a654-4d3a-9b4a-74139b162260
C:\Users\AJ\AppData\Local\LogMeIn Rescue Applet
EmptyTemp:
*****************
 
C:\WINDOWS\system32\netcfg-21718.txt => moved successfully
C:\WINDOWS\system32\netcfg-1594000.txt => moved successfully
C:\WINDOWS\system32\netcfg-7144968.txt => moved successfully
C:\WINDOWS\system32\netcfg-27890.txt => moved successfully
C:\WINDOWS\system32\netcfg-2710734.txt => moved successfully
C:\WINDOWS\system32\netcfg-2706984.txt => moved successfully
C:\WINDOWS\system32\netcfg-2716078.txt => moved successfully
C:\WINDOWS\system32\netcfg-2710406.txt => moved successfully
C:\WINDOWS\system32\netcfg-2699078.txt => moved successfully
C:\WINDOWS\system32\netcfg-2710968.txt => moved successfully
C:\WINDOWS\system32\netcfg-2710328.txt => moved successfully
C:\WINDOWS\system32\netcfg-2722546.txt => moved successfully
C:\WINDOWS\system32\netcfg-2710921.txt => moved successfully
C:\WINDOWS\system32\netcfg-2710359.txt => moved successfully
C:\WINDOWS\system32\netcfg-2707140.txt => moved successfully
C:\WINDOWS\system32\netcfg-1125609.txt => moved successfully
C:\WINDOWS\system32\netcfg-1132234.txt => moved successfully
C:\WINDOWS\system32\netcfg-1123531.txt => moved successfully
C:\WINDOWS\system32\netcfg-713187.txt => moved successfully
C:\WINDOWS\system32\netcfg-187125.txt => moved successfully
C:\WINDOWS\system32\netcfg-31781.txt => moved successfully
C:\WINDOWS\system32\netcfg-35906.txt => moved successfully
C:\WINDOWS\system32\netcfg-29218.txt => moved successfully
C:\WINDOWS\system32\netcfg-36609.txt => moved successfully
C:\WINDOWS\system32\netcfg-27343.txt => moved successfully
C:\WINDOWS\system32\netcfg-28734.txt => moved successfully
C:\WINDOWS\system32\netcfg-28437.txt => moved successfully
C:\WINDOWS\system32\netcfg-27953.txt => moved successfully
C:\WINDOWS\system32\netcfg-27140.txt => moved successfully
C:\WINDOWS\system32\netcfg-27796.txt => moved successfully
C:\WINDOWS\system32\netcfg-28109.txt => moved successfully
C:\WINDOWS\system32\netcfg-27609.txt => moved successfully
C:\WINDOWS\system32\netcfg-26906.txt => moved successfully
C:\WINDOWS\system32\0 => moved successfully
"C:\Users\AJ\AppData\Local\LMIR0002.tmp_r.bat" => not found.
C:\Program Files (x86)\LogMeIn Rescue RC - f981377f-a654-4d3a-9b4a-74139b162260 => moved successfully
"C:\Users\AJ\AppData\Local\LogMeIn Rescue Applet" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 845237 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18167863 B
Java, Flash, Steam htmlcache => 35261689 B
Windows/system/drivers => 34626 B
Edge => 0 B
Chrome => 418474272 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 20480 B
NetworkService => 0 B
AJ => 46836204 B
 
RecycleBin => 0 B
EmptyTemp: => 495.6 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:36:33 ====
 
 
 
Below is the checkup log from SecurityCheckup
 
 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Total Security   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Google Chrome (53.0.2785.101) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Total Security 17.0.0 avp.exe  
 Kaspersky Lab Kaspersky Total Security 17.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Password Manager 8.0.5 plugin-nm-server.exe  
 Kaspersky Lab Kaspersky Secure Connection 1.0 ksde.exe  
 Kaspersky Lab Kaspersky Secure Connection 1.0 ksdeui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
 
 
 
Thanks for the help BTW  :)
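
A way to triage a Fixlog like the one above, as an added example that is not part of the original post or of FRST: it sorts each fixlist entry by outcome and cross-checks the per-area EmptyTemp byte counts against the reported total. The function names are hypothetical, and the MB = bytes / 2**20 conversion is an assumption inferred from this log's own figures.

```python
import re

# Excerpt of the Fixlog posted above (lines copied from it; zero-byte rows omitted).
SAMPLE_FIXLOG = r'''
C:\WINDOWS\system32\netcfg-21718.txt => moved successfully
C:\WINDOWS\system32\0 => moved successfully
"C:\Users\AJ\AppData\Local\LMIR0002.tmp_r.bat" => not found.
C:\Program Files (x86)\LogMeIn Rescue RC - f981377f-a654-4d3a-9b4a-74139b162260 => moved successfully
"C:\Users\AJ\AppData\Local\LogMeIn Rescue Applet" => not found.
=========== EmptyTemp: ==========
BITS transfer queue => 845237 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18167863 B
Java, Flash, Steam htmlcache => 35261689 B
Windows/system/drivers => 34626 B
Chrome => 418474272 B
systemprofile => 128 B
LocalService => 20480 B
AJ => 46836204 B
EmptyTemp: => 495.6 MB temporary data Removed.
'''

# "path => outcome" rows; FRST quotes the path when the item was not found.
ENTRY = re.compile(r'^"?(?P<path>.+?)"?\s+=>\s+(?P<status>moved successfully|not found)\.?$')
SIZE = re.compile(r'^(?P<area>.+?)\s+=>\s+(?P<bytes>\d+) B$')
TOTAL = re.compile(r'^EmptyTemp: => (?P<mb>[\d.]+) MB')

def summarize(fixlog):
    """Group fixlist entries by outcome and add up the EmptyTemp byte counts."""
    out = {"moved successfully": [], "not found": [], "temp_bytes": 0, "reported_mb": None}
    for line in (raw.strip() for raw in fixlog.splitlines()):
        if m := ENTRY.match(line):
            out[m["status"]].append(m["path"])
        elif m := SIZE.match(line):
            out["temp_bytes"] += int(m["bytes"])
        elif m := TOTAL.match(line):
            out["reported_mb"] = float(m["mb"])
    return out

def total_consistent(summary):
    """True when the summed bytes round to the reported total (assumed MB = bytes / 2**20)."""
    return abs(summary["temp_bytes"] / 2**20 - summary["reported_mb"]) <= 0.051

if __name__ == "__main__":
    s = summarize(SAMPLE_FIXLOG)
    print(len(s["moved successfully"]), "moved;", "already absent:", s["not found"])
    print("EmptyTemp total consistent:", total_consistent(s))
```

Entries reported as "not found" were already absent when the fix ran, so they need no follow-up; only an outcome the parser does not recognise would warrant a second look.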


#12 packetanalyzer


Posted 16 September 2016 - 07:56 PM

Hello HYTTIOAOA,

 

Thank you for the logs.

 

The SecurityCheck log that shows you have an out of date version of Java appears to be a false positive as the FRST log shows you only have a 64 bit version of Java installed.

 

That leaves us with our final set of steps. :)

 

++++ Step 1 How to Stay Safe Online and All Clear ++++

 

 

Thank you HYTTIOAOA for following through the steps with me.

 

Summary of Concerns

 

  • Ask.com installed in Chrome
  • HJT R0 Entries
  • Cookies from a website you did not access
  • Unsure of any other compromise on your computer

 

Summary of Findings

 

  • FRST reveals that Ask.com is no longer installed in Chrome (OP resolved prior to us providing assistance)
  • HJT reveals the R0 Entries are not malicious
  • Cookie is likely a third-party cookie
  • FRST does not indicate any compromise on the computer
  • SecurityCheck reveals there is an out of date version of Java installed on the computer, but the web browsers on the computer are using the current version of Java

Security Reminder

 

As you are clearly aware, there are many threats to the security of your computer. By doing basic things you can reduce the level of risk to your computer. No one solution or combination of solutions will give you 100% protection from all threats, but by doing the following you greatly decrease the risk to the security of your computer and reduce the attack surface you present to attackers.

 

  • Keep your Operating System Up to Date
  • Keep your Applications Up to Date
  • Use Different Passwords on Every Website
  • Install, Keep Up to Date, and Run Regular Scans of a Reliable Anti-Virus Product
  • Enable, Properly Configure, and Maintain a Firewall
  • Backup Your Data
  • Periodically Test Your Backups
  • Do Not Open Attachments from People You Do Not Know
  • Watch Out for Online and Phone Support Scams

You can find more information on tips to keep your computer safe online here and examples of security best practices here.

 

Thank you for your patience. If you have any other questions for me, please let me know. Otherwise you should be ready to use your computer.

 

packetanalyzer



#13 HYTTIOAOA


Posted 16 September 2016 - 08:49 PM

Well, that is quite the relief. Thank you so much.

 

I just wanted to know something. Before, you told me to paste this code in CMD with elevated privileges:

schtasks.exe /query /tn CreateExplorerShellUnelevtedTask /FO list /v >"%userprofile%\Desktop\task.txt

 

It did not work saying this:

'ERROR: The system cannot find the file specified.'

It creates an empty text document

 

Do you still need it?

 

 

Also, the fixlist log was talking about LogMeIn, do I need to take more action, or is it gone?

 

Again thanks for taking your time to help me  :thumbup2:


Edited by HYTTIOAOA, 16 September 2016 - 08:57 PM.


#14 packetanalyzer


Posted 16 September 2016 - 11:55 PM

Hi HYTTIOAOA,

No, you do not need the text file. You can now remove the logs and FRST. Yes, LogMeIn was removed.

You are quite welcome. Have a good weekend!



#15 HYTTIOAOA


Posted 17 September 2016 - 11:02 AM

Thank you for the clarification.





