
Rootkit survived clean install


  • This topic is locked
38 replies to this topic

#1 Alley Cat


Posted 28 January 2017 - 08:48 PM

3 weeks ago, I noticed a Network drive. Each time this rootkit comes back, 3 directories are created on Drive E and another 3 directories on Drive H. 6 to 20 random files, TXT, XLS, PEM, SQL, DOCX, other Excel files.

These files cannot be opened. I used the PERMANENTLY DELETE option on my antivirus to remove the entire directory. Now, the rootkit is hiding the directory, but I can still locate the files by performing a Windows search for PEM files.

I looked into how to remove the Network drive, couldn't figure it out. So I wiped the entire HDD, Windows 7 on a clean install (DELETED all partitions). Only Drive C is connected during install. Drives E and H are not connected until Windows is done installing. Step 2, I reinstall firewall, antivirus and drivers while offline (ethernet cord unplugged). Rebooted, online and downloading Win updates. Out of 177 updates, only 136 installed. Security Monthly Quality Rollups (Oct 2016, Nov 2016, Dec 2016) always need to be rolled back, unsuccessful updates. Usually takes more than two hours to roll back.

50% of my things are reinstalled. Like before, reformat, computer runs fine. No malware or ransomware notices. No popups; typically the only website I see ads on is YouTube.

But, this rootkit is back, and spread across all 3 HDDs. These directories are now hidden, cannot be viewed in Windows Explorer (my settings were changed to see all). I was looking into Security settings on my computer, when COM Surrogate and Explorer.EXE suddenly crashed. This is new and unusual.

 

COM Surrogate has stopped working

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: DllHost.exe
  Fault Module Name: ACLUI.dll
  Exception Code: c0000005
  Exception Offset: 00000000000118e3

Problem signature:
  Problem Event Name: APPCRASH
  Application Name: Explorer.EXE
  Fault Module Name: ACLUI.dll
  Exception Code: c0000005
  Exception Offset: 00000000000118e3

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-01-2017 01

Ran by SHODAN (administrator) on SHODAN-AI (28-01-2017 17:32:38)

Running from H:\Emergency Malware Removal

Loaded Profiles: SHODAN (Available Profiles: SHODAN)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Code Sector) C:\Installed Utlilties\TeraCopy\TeraCopyService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe

() C:\Installed Utlilties\Send Anywhere\sendanywhere.exe

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

(Code Sector) C:\Program Files (x86)\Direct Folders\df.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavTray.exe

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

(Code Sector Inc.) C:\Program Files (x86)\Direct Folders\df64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\bavhm.exe

(DAZ 3D, Inc) E:\daz 3n4\3.1.2\DAZStudio3 64bit\DAZStudio.exe

(Jasc Software, Inc.) C:\Program Files (x86)\Paint Shop Pro 9\Paint Shop Pro 9.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Nullsoft, Inc.) H:\zTheWinAmp\winamp.exe

(Just Great Software) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe

(DAZ 3D, Inc) E:\daz 3n4\3.1.2\DAZStudio3 64bit\DAZStudio.exe

(DAZ 3D, Inc) E:\daz 3n4\3.1.2\DAZStudio3 64bit\DAZStudio.exe

(PeerBlock, LLC) C:\Installed Utlilties\PeerBlock\peerblock.exe

(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe

(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera_crashreporter.exe

(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe

(Farbar) FSS.exe

 

==================== Registry (Whitelisted) ====================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-15] (Realtek Semiconductor)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [961024 2009-07-13] (Microsoft Corporation)

HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavTray.exe [1998832 2017-01-13] (Baidu, Inc.)

HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-12-13] (Check Point Software Technologies Ltd.)

HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\Run: [PeerBlock] => C:\Installed Utlilties\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)

HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\Run: [SendAnywhere] => C:\Installed Utlilties\Send Anywhere\sendanywhere.exe [5555896 2016-06-09] ()

HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-05] (SUPERAntiSpyware)

HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\Policies\Explorer: [HideSCABattery] 1

HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\Policies\Explorer: [NoCDBurning] 1

HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll [2017-01-13] (Baidu, Inc.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

Startup: C:\Users\SHODAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Folders.lnk [2017-01-14]

ShortcutTarget: Direct Folders.lnk -> C:\Program Files (x86)\Direct Folders\df.exe (Code Sector)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

Tcpip\..\Interfaces\{D929EC78-BF89-44E5-A97F-F614EC045203}: [DhcpNameServer] 192.168.1.254 192.168.1.254

 

Internet Explorer:

==================

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

 

FireFox:

========

FF ProfilePath: C:\Users\SHODAN\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\ikrh9uc6.default [2017-01-28]

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VLC\npvlc.dll [2016-06-01] (VideoLAN)

 

Chrome: 

=======

CHR Profile: C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default [2017-01-27]

CHR Extension: (Google Slides) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-14]

CHR Extension: (Google Docs) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-14]

CHR Extension: (Google Drive) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-14]

CHR Extension: (YouTube) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]

CHR Extension: (Google Sheets) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-14]

CHR Extension: (Google Docs Offline) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-17]

CHR Extension: (Chrome Web Store Payments) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]

CHR Extension: (Gmail) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-14]

CHR Extension: (Chrome Media Router) - C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-14]

 

Opera: 

=======

OPR Extension: (Hide My IP) - C:\Users\SHODAN\AppData\Roaming\Opera Software\Opera Stable\Extensions\ajgedeilbpjdpdfeijeonkomjhfeonao [2017-01-13]

OPR Extension: (Ghostery) - C:\Users\SHODAN\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2017-01-14]

OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\SHODAN\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2017-01-13]

OPR Extension: (HTTPS Everywhere) - C:\Users\SHODAN\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-01-28]

 

==================== Services (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe [2791312 2017-01-13] (Baidu, Inc.)

S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxSrv64.exe [264688 2017-01-13] (Baidu, Inc.)

R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BHipsSvc.exe [531232 2017-01-13] (Baidu, Inc.)

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-11] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-11] (NVIDIA Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)

R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-11] (NVIDIA Corporation)

R2 TeraCopyService; C:\Installed Utlilties\TeraCopy\TeraCopyService.exe [100688 2016-12-07] (Code Sector)

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-12-13] (Check Point Software Technologies Ltd.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)

R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1040184 2016-12-13] (Check Point Software Technologies Ltd.)

 

===================== Drivers (Whitelisted) ======================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdApiUtil64.sys [116968 2017-01-13] (Baidu, Inc.)

R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-05-28] ()

U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdCameraProtect64.sys [25032 2017-01-13] (Baidu, Inc.)

S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [232392 2017-01-13] (Baidu, Inc.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [61896 2017-01-13] (Baidu, Inc.)

R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2017-01-13] (Baidu, Inc.)

R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [83144 2017-01-13] (Baidu, Inc.)

R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2017-01-13] (Baidu, Inc.)

R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2017-01-13] (Baidu, Inc.)

R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\Bnmon64.sys [82376 2017-01-13] (Baidu, Inc.)

R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [262088 2017-01-13] (Baidu, Inc.)

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-01-25] (Malwarebytes)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-11] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-11] (NVIDIA Corporation)

R3 pbfilter; C:\Installed Utlilties\PeerBlock\pbfilter.sys [22600 2014-01-14] ()

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-01-23] ()

R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462272 2016-12-12] (Check Point Software Technologies Ltd.)

R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-01-23] (Zemana Ltd.)

R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-01-23] (Zemana Ltd.)

U3 iswSvc; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-01-28 17:32 - 2017-01-28 17:32 - 00000000 ____D C:\FRST

2017-01-27 22:19 - 2017-01-28 17:24 - 00002918 _____ C:\Users\SHODAN\Documents\crash.txt

2017-01-27 16:54 - 2017-01-27 16:54 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\GlarySoft

2017-01-27 16:47 - 2017-01-27 16:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2017-01-27 16:43 - 2017-01-27 16:44 - 00264112 _____ C:\TDSSKiller.2.8.15.0_27.01.2017_16.43.26_log.txt

2017-01-27 16:13 - 2017-01-27 16:14 - 00000000 ____D C:\Qoobox

2017-01-27 16:12 - 2017-01-27 16:14 - 00000000 ___SD C:\32788R22FWJFW

2017-01-27 16:12 - 2017-01-27 16:12 - 00000000 ____D C:\Windows\erdnt

2017-01-26 15:21 - 2017-01-26 15:21 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts

2017-01-26 15:20 - 2017-01-26 15:20 - 00439596 _____ C:\Windows\system32\Drivers\vsconfig.xml

2017-01-26 15:19 - 2017-01-26 15:19 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk

2017-01-26 15:19 - 2017-01-26 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point

2017-01-26 15:17 - 2017-01-26 15:19 - 00000000 ____D C:\Program Files (x86)\CheckPoint

2017-01-26 15:17 - 2017-01-26 15:17 - 00000000 ____D C:\ProgramData\CheckPoint

2017-01-26 14:57 - 2017-01-26 14:57 - 00118485 _____ C:\Users\SHODAN\Desktop\Image2.pspimage

2017-01-25 21:55 - 2017-01-25 21:56 - 00003578 _____ C:\Users\SHODAN\Desktop\Rkill.txt

2017-01-25 21:23 - 2017-01-28 13:23 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71299616-44c4-477c-b0ae-e01abae6aa90.job

2017-01-25 21:23 - 2017-01-28 02:00 - 00000512 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task abd14392-a2c2-4919-80da-cde176b0ca67.job

2017-01-25 21:23 - 2017-01-25 21:23 - 00003590 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task abd14392-a2c2-4919-80da-cde176b0ca67

2017-01-25 21:23 - 2017-01-25 21:23 - 00003516 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 71299616-44c4-477c-b0ae-e01abae6aa90

2017-01-25 21:23 - 2017-01-25 21:23 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

2017-01-25 21:23 - 2017-01-25 21:23 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\SUPERAntiSpyware.com

2017-01-25 21:23 - 2017-01-25 21:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com

2017-01-25 21:23 - 2017-01-25 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2017-01-25 21:23 - 2017-01-25 21:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

2017-01-25 21:15 - 2017-01-25 21:15 - 00000000 ____D C:\Users\SHODAN\Documents\Add-in Express

2017-01-25 21:14 - 2017-01-25 21:14 - 00000119 _____ C:\Windows\wininit.ini

2017-01-25 01:03 - 2017-01-28 17:27 - 00000064 _____ C:\Users\SHODAN\Documents\Working Copy of Untitled 1.txt

2017-01-24 20:23 - 2017-01-24 20:25 - 05456576 _____ (COMODO) C:\Users\SHODAN\Downloads\cfw_installer_6106_53.exe

2017-01-24 20:12 - 2017-01-24 20:12 - 05011224 _____ (Check Point Software Technologies Ltd.) C:\Users\SHODAN\Downloads\zafwSetupWeb_150_159_17147.exe

2017-01-23 14:04 - 2017-01-25 21:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2017-01-23 14:03 - 2017-01-28 17:32 - 00219479 _____ C:\Windows\ZAM.krnl.trace

2017-01-23 14:03 - 2017-01-28 17:32 - 00199488 _____ C:\Windows\ZAM_Guard.krnl.trace

2017-01-23 14:03 - 2017-01-23 14:03 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys

2017-01-23 14:03 - 2017-01-23 14:03 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys

2017-01-23 14:03 - 2017-01-23 14:03 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Zemana

2017-01-23 05:02 - 2017-01-23 05:03 - 00000000 ____D C:\AdwCleaner

2017-01-23 04:59 - 2017-01-23 05:04 - 00000000 ____D C:\ProgramData\RogueKiller

2017-01-23 04:59 - 2017-01-23 04:59 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys

2017-01-23 04:36 - 2017-01-23 04:36 - 00029816 _____ C:\Users\SHODAN\Desktop\NOTthisCRAPagain.pic

2017-01-22 21:07 - 2017-01-22 21:09 - 00000000 ____D C:\Users\SHODAN\AppData\LocalLow\Daybreak Game Company

2017-01-22 21:07 - 2017-01-22 21:07 - 00000000 ____D C:\Users\SHODAN\AppData\Local\SCE

2017-01-22 21:07 - 2017-01-22 21:07 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Daybreak Game Company

2017-01-22 18:39 - 2017-01-25 20:32 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Lookeen

2017-01-22 18:36 - 2017-01-22 18:37 - 23422856 _____ (Axonic ) C:\Users\SHODAN\Downloads\LookeenFree.10.1.1.6038.exe

2017-01-22 12:49 - 2017-01-22 12:50 - 00000000 ____D C:\Users\SHODAN\Downloads\qqaqqazz12

2017-01-22 12:18 - 2017-01-22 12:21 - 14102438 _____ C:\Users\SHODAN\Downloads\free_tileable_leather_patterns_by_webtreatsetc.zip

2017-01-22 12:17 - 2017-01-22 12:19 - 73952044 _____ C:\Users\SHODAN\Downloads\fabric_textures_pack_by_fudgegraphics.zip

2017-01-22 12:16 - 2017-01-22 12:16 - 14769633 _____ C:\Users\SHODAN\Downloads\leather_texture_pack_1_by_mytherea.zip

2017-01-22 12:16 - 2017-01-22 12:16 - 02713563 _____ C:\Users\SHODAN\Downloads\alligator_skin_resource_by_digitalphenom.zip

2017-01-22 11:06 - 2017-01-22 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-01-22 11:06 - 2017-01-22 11:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-01-22 11:06 - 2017-01-22 11:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-01-22 00:28 - 2017-01-26 15:15 - 00819958 _____ C:\Windows\ntbtlog.txt

2017-01-21 21:55 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

2017-01-21 21:55 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2017-01-21 21:55 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

2017-01-21 21:55 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2017-01-21 21:55 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

2017-01-21 21:55 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2017-01-21 21:11 - 2017-01-21 21:11 - 00000000 ____D C:\Users\SHODAN\AppData\LocalLow\Cruderocks

2017-01-21 18:05 - 2017-01-21 18:05 - 01381582 ____S (Igor Pavlov) C:\Users\SHODAN\Downloads\7z1604-x64.exe

2017-01-21 18:05 - 2017-01-21 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2017-01-21 18:05 - 2017-01-21 18:05 - 00000000 ____D C:\Program Files\7-Zip

2017-01-21 18:03 - 2017-01-21 18:03 - 02253848 ____S (Rainmeter) C:\Users\SHODAN\Downloads\Rainmeter-4.0.exe

2017-01-21 18:02 - 2017-01-21 18:03 - 08152550 ____S C:\Users\SHODAN\Downloads\steam_vs_for_windows_7_by_yorgash-d7fcbxy.7z

2017-01-21 17:36 - 2017-01-21 17:37 - 00000000 ____D C:\Program Files (x86)\Paint Shop Pro 9

2017-01-21 17:36 - 2017-01-21 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software

2017-01-21 16:09 - 2017-01-21 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ Productions

2017-01-21 16:09 - 2004-03-29 17:23 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe

2017-01-21 16:08 - 2017-01-21 16:08 - 00000000 ____D C:\Program Files (x86)\DAZ

2017-01-21 12:17 - 2017-01-21 12:17 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Remove_Empty_Directories

2017-01-21 11:50 - 2017-01-27 23:31 - 00000000 ____D C:\Users\SHODAN\Documents\My PSP Files

2017-01-21 11:50 - 2017-01-21 11:50 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Jasc Software Inc

2017-01-21 10:38 - 2017-01-21 10:38 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Moonchild Productions

2017-01-21 10:38 - 2017-01-21 10:38 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Moonchild Productions

2017-01-20 20:57 - 2017-01-20 20:57 - 06782331 ____S C:\Users\SHODAN\Downloads\Cosplay8.zip

2017-01-20 20:49 - 2017-01-20 20:49 - 00266209 ____S C:\Users\SHODAN\Downloads\vector_camo_pattern_48592.zip

2017-01-20 20:46 - 2017-01-20 20:46 - 03838709 ____S C:\Users\SHODAN\Downloads\mcMinistryLights.zip

2017-01-19 21:28 - 2017-01-19 21:28 - 00002861 _____ C:\Users\SHODAN\AppData\Local\recently-used.xbel

2017-01-19 21:21 - 2017-01-19 21:21 - 00000000 ____D C:\Users\SHODAN\.thumbnails

2017-01-19 21:19 - 2017-01-19 21:21 - 00000000 ____D C:\Users\SHODAN\.gimp-2.8

2017-01-19 21:19 - 2017-01-19 21:19 - 00000000 ____D C:\Users\SHODAN\AppData\Local\gegl-0.2

2017-01-19 21:19 - 2017-01-19 21:19 - 00000000 ____D C:\Users\SHODAN\AppData\Local\fontconfig

2017-01-19 20:19 - 2017-01-19 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAZ 3D

2017-01-19 20:17 - 2017-01-19 20:17 - 00000882 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

2017-01-19 20:17 - 2017-01-19 20:17 - 00000870 _____ C:\Users\Public\Desktop\GIMP 2.lnk

2017-01-19 20:11 - 2017-01-19 20:11 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk

2017-01-19 20:11 - 2017-01-19 20:11 - 00001097 _____ C:\Users\Public\Desktop\Paint.NET.lnk

2017-01-19 20:10 - 2017-01-19 20:23 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Paint.NET

2017-01-19 20:07 - 2017-01-19 20:07 - 00003146 _____ C:\Windows\System32\Tasks\{43DD24A0-D432-4349-AF0F-B939EB6E4634}

2017-01-19 20:02 - 2017-01-19 20:02 - 00000000 ____D C:\Program Files (x86)\AMD

2017-01-19 20:01 - 2017-01-19 20:01 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Downloaded Installations

2017-01-19 18:59 - 2017-01-19 19:00 - 01481888 ____S C:\Users\SHODAN\Downloads\PaintDotNet_3_36.exe

2017-01-19 18:59 - 2017-01-19 18:59 - 00001739 ____S C:\Users\SHODAN\Downloads\Terragen_0.9.20_hazard_language_redirect.zip

2017-01-19 18:54 - 2017-01-19 18:58 - 76902472 ____S (The GIMP Team ) C:\Users\SHODAN\Downloads\the-gimp-2-8-4-gimp-2.8.4-setup.exe

2017-01-18 22:25 - 2017-01-18 22:25 - 00000000 ____D C:\Users\Public\Documents\LuxRender

2017-01-18 22:25 - 2017-01-18 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LuxRender

2017-01-18 22:25 - 2017-01-18 22:25 - 00000000 ____D C:\Program Files\LuxRender

2017-01-18 04:36 - 2017-01-18 04:36 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Poser

2017-01-18 04:32 - 2017-01-18 04:32 - 00000000 ____D C:\ProgramData\Poser

2017-01-17 18:58 - 2017-01-17 18:58 - 00000000 ____D C:\Users\SHODAN\Documents\Hedgewars

2017-01-17 18:00 - 2017-01-17 18:00 - 00000838 _____ C:\Users\SHODAN\Desktop\CDisplayEx.lnk

2017-01-17 18:00 - 2017-01-17 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx

2017-01-17 17:58 - 2017-01-17 17:58 - 00000000 ____D C:\Users\SHODAN\Tracing

2017-01-17 17:15 - 2017-01-17 17:15 - 00001763 _____ C:\Users\Public\Desktop\Send Anywhere.lnk

2017-01-17 17:15 - 2017-01-17 17:15 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Estmob

2017-01-17 17:15 - 2017-01-17 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Send Anywhere

2017-01-16 21:19 - 2017-01-16 21:20 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\AnyDesk

2017-01-16 10:28 - 2017-01-19 17:58 - 00000000 ____D C:\Users\SHODAN\Documents\DAZ 3D

2017-01-16 03:41 - 2017-01-16 03:41 - 00000000 ____D C:\Users\Public\Pixologic

2017-01-16 03:35 - 2017-01-16 03:35 - 00000000 ____D C:\ProgramData\DAZ 3D

2017-01-16 03:30 - 2017-01-16 03:30 - 00000930 _____ C:\Users\SHODAN\Desktop\DAZ Studio 4.9 (64-bit).lnk

2017-01-16 03:30 - 2017-01-16 03:30 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D

2017-01-16 03:17 - 2017-01-20 15:38 - 00000000 ____D C:\Users\Public\Documents\My DAZ 3D Library

2017-01-16 03:11 - 2017-01-16 03:11 - 00000000 ____D C:\Users\Public\Documents\DAZ 3D

2017-01-16 03:10 - 2017-01-16 10:28 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\DAZ 3D

2017-01-16 02:31 - 2017-01-16 02:31 - 00000000 ____D C:\Users\SHODAN\AppData\Local\transmission

2017-01-16 01:25 - 2017-01-16 10:28 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\NVIDIA

2017-01-15 14:35 - 2017-01-15 14:35 - 00000000 ____D C:\Users\SHODAN\.cache

2017-01-15 13:29 - 2017-01-15 13:29 - 01318407 ____S C:\Users\SHODAN\Downloads\DigiCertUtil.zip

2017-01-15 13:21 - 2017-01-15 13:21 - 694862609 _____ C:\Windows\MEMORY.DMP

2017-01-15 13:21 - 2017-01-15 13:21 - 00387560 _____ C:\Windows\Minidump\011517-9562-01.dmp

2017-01-15 13:21 - 2017-01-15 13:21 - 00000000 ____D C:\Windows\Minidump

2017-01-15 13:18 - 2017-01-15 13:20 - 00000000 ____D C:\Program Files\Common Files\logishrd

2017-01-15 13:18 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2017-01-15 13:18 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2017-01-15 13:18 - 2012-08-23 06:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys

2017-01-15 13:18 - 2012-08-23 06:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys

2017-01-15 13:18 - 2012-08-23 05:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll

2017-01-15 13:18 - 2012-08-23 05:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll

2017-01-15 13:18 - 2012-08-23 05:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2017-01-15 13:18 - 2012-08-23 05:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2017-01-15 13:18 - 2012-08-23 05:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

2017-01-15 13:18 - 2012-08-23 05:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll

2017-01-15 13:18 - 2012-08-23 05:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2017-01-15 13:18 - 2012-08-23 05:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll

2017-01-15 13:18 - 2012-08-23 05:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll

2017-01-15 13:18 - 2012-08-23 04:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll

2017-01-15 13:18 - 2012-08-23 03:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe

2017-01-15 13:18 - 2012-08-23 03:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2017-01-15 13:18 - 2012-08-23 03:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe

2017-01-15 13:18 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll

2017-01-15 13:18 - 2012-08-23 02:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll

2017-01-15 13:18 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll

2017-01-15 13:18 - 2012-08-23 02:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2017-01-15 13:18 - 2012-08-23 02:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2017-01-15 13:18 - 2012-08-23 01:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2017-01-15 13:18 - 2012-08-23 00:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2017-01-15 13:18 - 2012-08-23 00:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2017-01-15 13:17 - 2017-01-15 13:17 - 00000000 ____D C:\Users\SHODAN\Documents\Any Video Converter

2017-01-15 13:16 - 2012-07-25 19:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll

2017-01-15 13:16 - 2012-07-25 19:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe

2017-01-15 13:16 - 2012-07-25 19:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll

2017-01-15 13:16 - 2012-07-25 19:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll

2017-01-15 13:16 - 2012-07-25 19:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll

2017-01-15 13:16 - 2012-07-25 18:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys

2017-01-15 13:16 - 2012-07-25 18:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys

2017-01-15 13:16 - 2012-06-02 06:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2017-01-15 13:14 - 2017-01-16 03:06 - 00775008 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2017-01-15 13:12 - 2017-01-20 21:15 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Anvsoft

2017-01-15 13:12 - 2017-01-15 13:12 - 00000605 _____ C:\Users\SHODAN\Desktop\Any Video Converter.lnk

2017-01-15 13:06 - 2017-01-15 13:08 - 51282968 ____S C:\Users\SHODAN\Downloads\avc-free.exe

2017-01-15 13:02 - 2011-06-15 21:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll

2017-01-15 13:02 - 2011-06-15 20:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll

2017-01-15 13:02 - 2011-05-03 21:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll

2017-01-15 13:02 - 2011-05-03 21:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll

2017-01-15 13:02 - 2011-05-03 21:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll

2017-01-15 13:02 - 2011-05-03 21:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll

2017-01-15 13:02 - 2011-05-03 21:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll

2017-01-15 13:02 - 2011-05-03 21:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll

2017-01-15 13:02 - 2011-05-03 21:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe

2017-01-15 13:02 - 2011-05-03 21:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe

2017-01-15 13:02 - 2011-05-03 21:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe

2017-01-15 13:02 - 2011-05-03 20:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll

2017-01-15 13:02 - 2011-05-03 20:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll

2017-01-15 13:02 - 2011-05-03 20:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll

2017-01-15 13:02 - 2011-05-03 20:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll

2017-01-15 13:02 - 2011-05-03 20:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll

2017-01-15 13:02 - 2011-05-03 20:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll

2017-01-15 13:02 - 2011-05-03 20:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe

2017-01-15 13:02 - 2011-05-03 20:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

2017-01-15 13:02 - 2011-05-03 20:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe

2017-01-15 13:02 - 2011-02-18 02:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe

2017-01-15 13:02 - 2011-02-17 21:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe

2017-01-15 13:01 - 2017-01-15 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock

2017-01-15 13:00 - 2017-01-15 13:00 - 02374320 ____S (PeerBlock, LLC ) C:\Users\SHODAN\Downloads\PeerBlock-Setup_v1.2_r693.exe

2017-01-15 10:44 - 2015-12-08 13:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2017-01-15 10:44 - 2015-12-08 11:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2017-01-15 10:44 - 2015-07-30 10:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2017-01-15 10:44 - 2015-07-30 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2017-01-15 10:44 - 2015-07-30 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2017-01-15 10:44 - 2015-07-30 10:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2017-01-15 10:44 - 2015-07-30 10:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2017-01-15 10:44 - 2015-07-30 10:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2017-01-15 10:44 - 2015-07-30 10:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2017-01-15 10:44 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2017-01-15 10:44 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2017-01-15 10:44 - 2015-07-30 09:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2017-01-15 10:44 - 2015-07-30 09:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2017-01-15 10:44 - 2015-07-30 09:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2017-01-15 10:44 - 2015-07-30 09:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2017-01-15 10:44 - 2015-07-30 08:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2017-01-15 10:44 - 2015-07-30 08:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2017-01-15 10:44 - 2015-07-30 08:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2017-01-15 10:43 - 2015-12-08 13:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL

2017-01-15 10:43 - 2015-12-08 13:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll

2017-01-15 10:43 - 2015-12-08 13:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL

2017-01-15 10:43 - 2015-12-08 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL

2017-01-15 10:42 - 2015-12-08 13:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax

2017-01-15 10:42 - 2015-12-08 13:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll

2017-01-15 10:42 - 2015-12-08 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2017-01-15 10:42 - 2015-12-08 13:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2017-01-15 10:42 - 2015-12-08 13:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll

2017-01-15 10:42 - 2015-12-08 13:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2017-01-15 10:42 - 2015-12-08 11:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll

2017-01-15 10:42 - 2015-12-08 11:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL

2017-01-15 10:42 - 2015-12-08 11:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL

2017-01-15 10:42 - 2015-12-08 11:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL

2017-01-15 10:42 - 2015-12-08 11:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll

2017-01-15 10:42 - 2015-12-08 11:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL

2017-01-15 10:42 - 2015-12-08 11:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL

2017-01-15 10:42 - 2015-12-08 10:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys

2017-01-15 10:42 - 2015-12-08 10:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

2017-01-15 10:42 - 2015-12-08 10:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys

2017-01-15 10:41 - 2015-12-08 11:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll

2017-01-15 10:41 - 2015-12-08 11:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll

2017-01-15 10:41 - 2015-12-08 11:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2017-01-15 10:41 - 2015-12-08 11:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2017-01-15 10:41 - 2015-12-08 11:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL

2017-01-15 10:41 - 2015-12-08 11:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll

2017-01-15 10:41 - 2015-12-08 11:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2017-01-15 10:41 - 2015-12-08 11:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2017-01-15 10:40 - 2015-12-08 11:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2017-01-15 10:40 - 2015-12-08 11:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2017-01-15 10:40 - 2015-12-08 11:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll

2017-01-15 10:40 - 2015-12-08 11:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2017-01-15 10:40 - 2015-12-08 11:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2017-01-15 10:40 - 2015-12-08 11:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll

2017-01-15 10:40 - 2015-12-08 11:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll

2017-01-15 10:40 - 2015-12-08 11:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax

2017-01-15 10:40 - 2015-12-08 11:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2017-01-15 10:39 - 2015-02-02 19:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2017-01-15 10:39 - 2015-02-02 19:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2017-01-15 10:36 - 2015-02-03 19:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2017-01-15 10:36 - 2015-02-03 18:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2017-01-15 10:12 - 2017-01-15 10:12 - 00001607 _____ C:\Users\SHODAN\Documents\battle playlist.m3u8

2017-01-15 09:41 - 2012-02-29 22:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys

2017-01-15 09:41 - 2012-02-29 22:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2017-01-15 09:41 - 2012-02-29 22:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll

2017-01-15 09:41 - 2012-02-29 21:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2017-01-15 09:41 - 2012-02-29 21:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

2017-01-15 00:30 - 2017-01-19 20:07 - 00000000 ____D C:\Users\SHODAN\AppData\Local\ElevatedDiagnostics

2017-01-15 00:15 - 2017-01-15 00:15 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Adobe

2017-01-14 23:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2017-01-14 23:40 - 2017-01-14 23:40 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2017-01-14 23:40 - 2017-01-14 23:40 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2017-01-14 23:39 - 2017-01-14 23:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2017-01-14 23:39 - 2017-01-14 23:39 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2017-01-14 23:39 - 2017-01-14 23:39 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2017-01-14 23:39 - 2017-01-14 23:39 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2017-01-14 23:39 - 2017-01-14 23:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2017-01-14 23:39 - 2017-01-14 23:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2017-01-14 23:39 - 2017-01-14 23:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2017-01-14 23:39 - 2017-01-14 23:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2017-01-14 23:39 - 2017-01-14 23:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2017-01-14 23:39 - 2017-01-14 23:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2017-01-14 23:39 - 2017-01-14 23:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2017-01-14 23:39 - 2017-01-14 23:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2017-01-14 23:38 - 2017-01-14 23:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2017-01-14 23:38 - 2017-01-14 23:38 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2017-01-14 23:36 - 2017-01-14 23:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2017-01-14 23:35 - 2017-01-14 23:35 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll

2017-01-14 23:35 - 2017-01-14 23:35 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll

2017-01-14 23:27 - 2017-01-26 14:46 - 00000000 ___SD C:\Users\SHODAN\Downloads\xx

2017-01-14 23:27 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2017-01-14 23:27 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2017-01-14 23:27 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2017-01-14 23:27 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2017-01-14 23:27 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2017-01-14 23:27 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2017-01-14 23:26 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2017-01-14 23:26 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2017-01-14 22:50 - 2017-01-14 22:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2017-01-14 19:53 - 2017-01-14 19:53 - 00015911 ____S C:\Users\SHODAN\Downloads\89.torrent

2017-01-14 19:43 - 2017-01-14 19:43 - 20964574 ____S C:\Users\SHODAN\Downloads\OctaneRender_demo_3_04_win.exe

2017-01-14 17:12 - 2015-07-30 05:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2017-01-14 17:12 - 2015-07-30 05:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2017-01-14 15:14 - 2017-01-14 15:27 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Direct Folders

2017-01-14 15:14 - 2017-01-14 15:14 - 00001017 _____ C:\Users\SHODAN\Desktop\Direct Folders.lnk

2017-01-14 15:14 - 2017-01-14 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders

2017-01-14 15:14 - 2017-01-14 15:14 - 00000000 ____D C:\Program Files (x86)\Direct Folders

2017-01-14 15:13 - 2017-01-14 15:13 - 02139896 ____S (Code Sector ) C:\Users\SHODAN\Downloads\directfolders.exe

2017-01-14 15:13 - 2017-01-14 15:13 - 00001698 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk

2017-01-14 15:13 - 2017-01-14 15:13 - 00000000 ___HD C:\Users\SHODAN\AppData\Roaming\Obsidium

2017-01-14 15:13 - 2017-01-14 15:13 - 00000000 ___HD C:\Users\SHODAN\.obs32

2017-01-14 15:12 - 2017-01-14 15:12 - 04449944 ____S (Code Sector ) C:\Users\SHODAN\Downloads\teracopy3rc.exe

2017-01-14 14:43 - 2017-01-14 14:44 - 63235648 ____S (Oracle Corporation) C:\Users\SHODAN\Downloads\jre-8u111-windows-x64.exe

2017-01-14 14:36 - 2017-01-14 14:36 - 00001632 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditPad Lite 7.lnk

2017-01-14 14:36 - 2017-01-14 14:36 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\JGsoft

2017-01-14 14:36 - 2017-01-14 14:36 - 00000000 ____D C:\Program Files\Just Great Software

2017-01-14 13:12 - 2017-01-14 13:12 - 00000000 ____D C:\ProgramData\.mono

2017-01-14 13:11 - 2017-01-14 13:11 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\.mono

2017-01-14 13:11 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2017-01-14 13:11 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll

2017-01-14 13:11 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2017-01-14 13:11 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll

2017-01-14 13:11 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll

2017-01-14 13:11 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2017-01-14 13:11 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2017-01-14 13:11 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2017-01-14 13:11 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

2017-01-14 13:11 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

2017-01-14 13:11 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2017-01-14 13:11 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

2017-01-14 13:11 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll

2017-01-14 13:11 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2017-01-14 13:11 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

2017-01-14 13:11 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

2017-01-14 13:11 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

2017-01-14 13:11 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2017-01-14 13:11 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

2017-01-14 13:11 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2017-01-14 13:11 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2017-01-14 13:11 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

2017-01-14 13:11 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

2017-01-14 13:11 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2017-01-14 13:11 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

2017-01-14 13:11 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

2017-01-14 13:11 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

2017-01-14 13:11 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll

2017-01-14 13:11 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

2017-01-14 13:11 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll

2017-01-14 13:11 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2017-01-14 13:11 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2017-01-14 13:11 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2017-01-14 13:11 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2017-01-14 13:11 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2017-01-14 13:11 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2017-01-14 13:11 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2017-01-14 13:11 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2017-01-14 13:11 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

2017-01-14 13:11 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

2017-01-14 13:11 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2017-01-14 13:11 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

2017-01-14 13:11 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2017-01-14 13:11 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

2017-01-14 13:11 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2017-01-14 13:11 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2017-01-14 13:11 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

2017-01-14 13:11 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

2017-01-14 13:11 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2017-01-14 13:11 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2017-01-14 13:11 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

2017-01-14 13:11 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

2017-01-14 13:11 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2017-01-14 13:11 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

2017-01-14 13:11 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2017-01-14 13:11 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

2017-01-14 13:11 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2017-01-14 13:11 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

2017-01-14 13:11 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2017-01-14 13:11 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2017-01-14 13:11 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

2017-01-14 13:11 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

2017-01-14 13:11 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2017-01-14 13:11 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

2017-01-14 13:11 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2017-01-14 13:11 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

2017-01-14 13:11 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2017-01-14 13:11 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

2017-01-14 13:11 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2017-01-14 13:11 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll

2017-01-14 13:11 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll

2017-01-14 13:11 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll

2017-01-14 13:11 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll

2017-01-14 13:11 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll

2017-01-14 13:11 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll

2017-01-14 13:11 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll

2017-01-14 13:11 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll

2017-01-14 13:11 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll

2017-01-14 13:11 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll

2017-01-14 13:11 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll

2017-01-14 13:11 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll

2017-01-14 13:11 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll

2017-01-14 13:11 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll

2017-01-14 13:11 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll

2017-01-14 13:11 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll

2017-01-14 13:11 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll

2017-01-14 13:11 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

2017-01-14 13:11 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll

2017-01-14 13:11 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

2017-01-14 13:11 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll

2017-01-14 13:11 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2017-01-14 13:11 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll

2017-01-14 13:11 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

2017-01-14 13:11 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll

2017-01-14 13:11 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

2017-01-14 13:11 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll

2017-01-14 13:11 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

2017-01-14 13:11 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll

2017-01-14 13:11 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2017-01-14 13:11 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll

2017-01-14 13:11 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

2017-01-14 13:11 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll

2017-01-14 13:11 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2017-01-14 13:11 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll

2017-01-14 13:11 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

2017-01-14 13:11 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll

2017-01-14 13:11 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

2017-01-14 13:11 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll

2017-01-14 13:11 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

2017-01-14 13:11 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

2017-01-14 13:11 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll

2017-01-14 13:11 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll

2017-01-14 13:11 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll

2017-01-14 13:11 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll

2017-01-14 13:11 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

2017-01-14 13:11 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll

2017-01-14 13:11 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

2017-01-14 13:11 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

2017-01-14 13:11 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll

2017-01-14 13:11 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll

2017-01-14 13:11 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll

2017-01-14 13:11 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

2017-01-14 13:11 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

2017-01-14 13:11 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

2017-01-14 13:11 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll

2017-01-14 13:11 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll

2017-01-14 13:11 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2017-01-14 13:11 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll

2017-01-14 13:11 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

2017-01-14 13:11 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll

2017-01-14 13:11 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

2017-01-14 13:11 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll

2017-01-14 13:11 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

2017-01-14 13:11 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll

2017-01-14 13:11 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

2017-01-14 13:11 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll

2017-01-14 13:11 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

2017-01-14 13:11 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll

2017-01-14 13:11 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

2017-01-14 13:11 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll

2017-01-14 13:11 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

2017-01-14 13:11 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll

2017-01-14 13:11 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

2017-01-14 13:11 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll

2017-01-14 13:11 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

2017-01-14 13:11 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll

2017-01-14 13:11 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

2017-01-14 13:10 - 2017-01-14 13:10 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Microsoft Games

2017-01-14 12:58 - 2017-01-23 04:11 - 00000000 ____D C:\Users\SHODAN\Documents\my games

2017-01-14 12:58 - 2017-01-14 12:58 - 00000000 ____D C:\Users\SHODAN\AppData\LocalLow\Pinkapp

2017-01-14 12:58 - 2017-01-14 12:58 - 00000000 ____D C:\Users\SHODAN\AppData\Local\THQ

2017-01-14 12:48 - 2017-01-14 12:48 - 09472968 ____S (Just Great Software ) C:\Users\SHODAN\Downloads\SetupEditPadLite.exe

2017-01-14 11:54 - 2017-01-21 18:05 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1484423662

2017-01-14 11:54 - 2017-01-14 11:54 - 00001139 _____ C:\Users\Public\Desktop\Opera.lnk

2017-01-14 11:54 - 2017-01-14 11:54 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

2017-01-14 11:53 - 2017-01-14 11:55 - 37576944 ____S (LuxRender ) C:\Users\SHODAN\Downloads\LuxRender 1.6 x64 OpenCL Setup.exe

2017-01-14 11:53 - 2017-01-14 11:54 - 00000000 ____D C:\Windows\system32\MRT

2017-01-14 11:53 - 2017-01-14 11:53 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2017-01-14 11:52 - 2017-01-21 18:05 - 00000000 ____D C:\Program Files (x86)\Opera

2017-01-14 11:48 - 2011-04-08 22:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2017-01-14 11:48 - 2011-04-08 21:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2017-01-14 11:44 - 2017-01-14 11:44 - 00000523 _____ C:\Users\Public\Desktop\Steam.lnk

2017-01-14 11:44 - 2017-01-14 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2017-01-14 11:42 - 2017-01-14 11:42 - 00000000 ____D C:\ProgramData\ClassicShell

2017-01-14 11:41 - 2016-01-06 11:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2017-01-14 11:41 - 2016-01-06 11:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2017-01-14 11:41 - 2016-01-06 10:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2017-01-14 11:41 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll

2017-01-14 11:41 - 2015-11-13 15:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll

2017-01-14 11:41 - 2015-11-13 15:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe

2017-01-14 11:41 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll

2017-01-14 11:41 - 2015-11-13 14:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll

2017-01-14 11:41 - 2015-11-13 14:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe

2017-01-14 11:41 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2017-01-14 11:41 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2017-01-14 11:41 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2017-01-14 11:41 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2017-01-14 11:41 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2017-01-14 11:41 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll

2017-01-14 11:41 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2017-01-14 11:41 - 2015-07-15 10:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2017-01-14 11:41 - 2015-07-15 10:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2017-01-14 11:41 - 2015-07-15 10:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2017-01-14 11:41 - 2015-07-15 10:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2017-01-14 11:41 - 2015-07-15 10:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2017-01-14 11:41 - 2015-07-15 10:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2017-01-14 11:41 - 2015-07-15 10:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2017-01-14 11:41 - 2015-07-15 10:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2017-01-14 11:41 - 2015-07-15 10:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2017-01-14 11:41 - 2015-07-15 10:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2017-01-14 11:41 - 2015-07-15 10:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2017-01-14 11:41 - 2015-07-15 10:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2017-01-14 11:41 - 2015-07-15 10:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2017-01-14 11:41 - 2015-07-15 10:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2017-01-14 11:41 - 2015-07-15 10:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2017-01-14 11:41 - 2015-07-15 10:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2017-01-14 11:41 - 2015-07-15 10:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2017-01-14 11:41 - 2015-07-15 10:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 10:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2017-01-14 11:41 - 2015-07-15 09:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2017-01-14 11:41 - 2015-07-15 09:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2017-01-14 11:41 - 2015-07-15 09:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2017-01-14 11:41 - 2015-07-15 09:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2017-01-14 11:41 - 2015-07-15 09:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2017-01-14 11:41 - 2015-07-15 09:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2017-01-14 11:41 - 2015-07-15 09:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2017-01-14 11:41 - 2015-07-15 09:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2017-01-14 11:41 - 2015-07-15 09:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2017-01-14 11:41 - 2015-07-15 09:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2017-01-14 11:41 - 2015-07-15 09:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2017-01-14 11:41 - 2015-07-15 09:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2017-01-14 11:41 - 2015-07-15 09:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2017-01-14 11:41 - 2015-07-15 09:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2017-01-14 11:41 - 2015-07-15 09:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2017-01-14 11:41 - 2015-07-15 09:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2017-01-14 11:41 - 2015-07-15 09:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2017-01-14 11:41 - 2015-07-15 09:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2017-01-14 11:41 - 2015-07-15 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2017-01-14 11:41 - 2015-07-15 09:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2017-01-14 11:41 - 2015-07-15 09:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2017-01-14 11:41 - 2015-07-15 09:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 09:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 08:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2017-01-14 11:41 - 2015-07-15 08:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2017-01-14 11:41 - 2015-07-15 08:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2017-01-14 11:41 - 2015-07-15 08:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2017-01-14 11:41 - 2015-07-15 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2017-01-14 11:41 - 2015-07-15 08:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 08:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 08:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2017-01-14 11:41 - 2015-07-15 08:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2017-01-14 11:41 - 2015-06-03 12:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2017-01-14 11:41 - 2015-06-01 16:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll

2017-01-14 11:41 - 2015-06-01 15:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll

2017-01-14 11:41 - 2015-04-12 19:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2017-01-14 11:41 - 2011-11-16 22:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll

2017-01-14 11:41 - 2011-11-16 21:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll

2017-01-14 11:41 - 2011-06-15 02:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll

2017-01-14 11:41 - 2011-06-15 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll

2017-01-14 11:41 - 2011-06-15 02:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll

2017-01-14 11:41 - 2011-06-15 02:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll

2017-01-14 11:41 - 2011-06-15 00:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll

2017-01-14 11:41 - 2011-06-15 00:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll

2017-01-14 11:41 - 2011-06-15 00:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll

2017-01-14 11:41 - 2011-06-15 00:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll

2017-01-14 11:41 - 2011-06-15 00:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll

2017-01-14 11:41 - 2011-05-24 03:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll

2017-01-14 11:41 - 2011-05-24 02:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll

2017-01-14 11:41 - 2011-05-24 02:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll

2017-01-14 11:41 - 2011-05-24 02:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll

2017-01-14 11:41 - 2011-05-24 02:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe

2017-01-14 11:41 - 2010-12-23 02:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll

2017-01-14 11:41 - 2010-12-23 02:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll

2017-01-14 11:41 - 2010-12-23 02:42 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll

2017-01-14 11:41 - 2010-12-23 02:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax

2017-01-14 11:41 - 2010-12-22 21:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll

2017-01-14 11:41 - 2010-12-22 21:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll

2017-01-14 11:41 - 2010-12-22 21:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll

2017-01-14 11:41 - 2010-12-22 21:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax

2017-01-14 11:40 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2017-01-14 11:40 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2017-01-14 11:40 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2017-01-14 11:40 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2017-01-14 11:40 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2017-01-14 11:40 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2017-01-14 11:40 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2017-01-14 11:40 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2017-01-14 11:40 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2017-01-14 11:40 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

2017-01-14 11:40 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll

2017-01-14 11:40 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2017-01-14 11:40 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

2017-01-14 11:40 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll

2017-01-14 11:40 - 2013-04-12 06:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2017-01-14 11:38 - 2017-01-14 11:38 - 01446792 ____S C:\Users\SHODAN\Downloads\SteamSetup.exe

2017-01-14 11:36 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2017-01-14 11:35 - 2016-02-12 10:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2017-01-14 11:35 - 2016-02-12 10:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2017-01-14 11:35 - 2016-02-12 10:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2017-01-14 11:35 - 2016-02-12 10:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2017-01-14 11:35 - 2016-02-12 10:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2017-01-14 11:35 - 2016-02-12 10:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2017-01-14 11:35 - 2016-02-12 10:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2017-01-14 11:35 - 2016-02-12 10:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2017-01-14 11:35 - 2016-02-12 10:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2017-01-14 11:35 - 2016-02-12 10:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2017-01-14 11:35 - 2016-02-12 10:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2017-01-14 11:35 - 2016-02-12 10:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2017-01-14 11:35 - 2016-02-12 10:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2017-01-14 11:35 - 2016-02-12 10:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2017-01-14 11:35 - 2016-02-12 10:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2017-01-14 11:35 - 2016-02-12 10:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2017-01-14 11:35 - 2015-07-14 19:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll

2017-01-14 11:35 - 2015-07-14 19:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2017-01-14 11:35 - 2015-07-14 19:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll

2017-01-14 11:35 - 2015-07-14 19:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll

2017-01-14 11:35 - 2015-07-14 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2017-01-14 11:35 - 2015-07-14 18:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2017-01-14 11:35 - 2015-07-14 18:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2017-01-14 11:35 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll

2017-01-14 11:35 - 2015-07-14 18:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2017-01-14 11:35 - 2015-04-24 10:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2017-01-14 11:35 - 2015-04-24 09:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll

2017-01-14 11:35 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2017-01-14 11:35 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2017-01-14 11:35 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

2017-01-14 11:35 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2017-01-14 11:35 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2017-01-14 11:35 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2017-01-14 11:35 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2017-01-14 11:35 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2017-01-14 11:35 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2017-01-14 11:35 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2017-01-14 11:35 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2017-01-14 11:35 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2017-01-14 11:35 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2017-01-14 11:35 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2017-01-14 11:35 - 2013-02-11 20:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

2017-01-14 11:35 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll

2017-01-14 11:35 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll

2017-01-14 11:35 - 2011-03-10 22:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll

2017-01-14 11:35 - 2011-03-10 22:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll

2017-01-14 11:35 - 2011-03-10 21:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll

2017-01-14 11:35 - 2011-03-10 21:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll

2017-01-14 11:33 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll

2017-01-14 11:33 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll

2017-01-14 11:33 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll

2017-01-14 11:33 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll

2017-01-14 11:33 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll

2017-01-14 11:33 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll

2017-01-14 11:33 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys

2017-01-14 11:33 - 2015-10-13 08:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2017-01-14 11:33 - 2015-10-13 08:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys

2017-01-14 11:33 - 2015-06-15 13:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2017-01-14 11:33 - 2015-06-15 13:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2017-01-14 11:33 - 2015-06-15 13:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2017-01-14 11:33 - 2015-06-15 13:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

2017-01-14 11:33 - 2015-06-15 13:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2017-01-14 11:33 - 2015-06-15 13:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2017-01-14 11:33 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys

2017-01-14 11:33 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys

2017-01-14 11:33 - 2013-07-12 02:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys

2017-01-14 11:33 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys

2017-01-14 11:33 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2017-01-14 11:33 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2017-01-14 11:33 - 2012-11-28 14:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys

2017-01-14 11:33 - 2012-11-28 14:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll

2017-01-14 11:33 - 2012-11-28 14:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2017-01-14 11:33 - 2012-11-01 21:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll

2017-01-14 11:33 - 2012-11-01 21:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

2017-01-14 11:33 - 2011-03-02 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll

2017-01-14 11:33 - 2011-03-02 22:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll

2017-01-14 11:33 - 2011-03-02 22:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe

2017-01-14 11:33 - 2011-03-02 21:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll

2017-01-14 11:33 - 2011-03-02 21:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe

2017-01-14 11:32 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe

2017-01-14 11:32 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe

2017-01-14 11:32 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

2017-01-14 11:32 - 2015-06-15 13:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2017-01-14 11:32 - 2015-06-15 13:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2017-01-14 11:32 - 2015-06-15 13:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2017-01-14 11:32 - 2015-06-15 13:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

2017-01-14 11:32 - 2015-06-15 13:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll

2017-01-14 11:32 - 2015-06-15 13:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll

2017-01-14 11:32 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2017-01-14 11:32 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL

2017-01-14 11:31 - 2015-12-08 13:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2017-01-14 11:31 - 2015-12-08 13:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll

2017-01-14 11:31 - 2015-12-08 11:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2017-01-14 11:31 - 2015-12-08 11:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll

2017-01-14 11:31 - 2015-02-24 19:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2017-01-14 11:31 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2017-01-14 11:31 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2017-01-14 11:31 - 2012-09-25 14:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2017-01-14 11:31 - 2012-09-25 14:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll

2017-01-14 11:31 - 2012-03-16 23:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys

2017-01-14 11:31 - 2011-08-16 21:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll

2017-01-14 11:31 - 2011-08-16 21:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax

2017-01-14 11:31 - 2011-08-16 20:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll

2017-01-14 11:31 - 2011-08-16 20:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax

2017-01-14 11:30 - 2015-10-12 20:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2017-01-14 11:30 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2017-01-14 11:30 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2017-01-14 11:30 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2017-01-14 11:30 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2017-01-14 11:30 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2017-01-14 11:30 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2017-01-14 11:30 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2017-01-14 11:30 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2017-01-14 11:30 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2017-01-14 11:30 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2017-01-14 11:30 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll

2017-01-14 11:30 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2017-01-14 11:30 - 2012-11-22 19:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe

2017-01-14 11:30 - 2012-07-04 14:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll

2017-01-14 11:30 - 2012-07-04 14:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll

2017-01-14 11:30 - 2012-07-04 14:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll

2017-01-14 11:30 - 2012-07-04 13:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll

2017-01-14 11:30 - 2012-07-04 13:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll

2017-01-14 11:30 - 2012-04-25 21:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll

2017-01-14 11:30 - 2012-04-25 21:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe

2017-01-14 11:30 - 2011-02-05 09:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2017-01-14 11:30 - 2011-02-05 09:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll

2017-01-14 11:30 - 2011-02-05 09:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll

2017-01-14 11:30 - 2011-02-05 09:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll

2017-01-14 11:30 - 2011-02-05 09:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2017-01-14 11:30 - 2011-02-05 09:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2017-01-14 11:30 - 2011-02-05 09:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2017-01-14 11:29 - 2017-01-14 12:57 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Steam

2017-01-14 11:29 - 2017-01-14 11:29 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Chromium

2017-01-14 11:29 - 2017-01-14 11:29 - 00000000 ____D C:\Users\SHODAN\AppData\Local\CEF

2017-01-14 11:29 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll

2017-01-14 11:29 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll

2017-01-14 11:29 - 2015-03-03 20:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2017-01-14 11:29 - 2015-03-03 20:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2017-01-14 11:29 - 2015-03-03 20:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2017-01-14 11:29 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2017-01-14 11:29 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll

2017-01-14 11:29 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx

2017-01-14 11:29 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll

2017-01-14 11:29 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2017-01-14 11:29 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2017-01-14 11:29 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2017-01-14 11:29 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx

2017-01-14 11:29 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2017-01-14 11:29 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll

2017-01-14 11:29 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2017-01-14 11:29 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe

2017-01-14 11:29 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe

2017-01-14 11:29 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe

2017-01-14 11:29 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe

2017-01-14 11:29 - 2013-05-12 21:51 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2017-01-14 11:29 - 2013-05-12 21:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2017-01-14 11:29 - 2013-05-12 21:51 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2017-01-14 11:29 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll

2017-01-14 11:29 - 2013-05-12 20:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2017-01-14 11:29 - 2013-05-12 20:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2017-01-14 11:29 - 2013-05-12 20:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2017-01-14 11:29 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe

2017-01-14 11:29 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe

2017-01-14 11:29 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll

2017-01-14 11:29 - 2012-06-05 22:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll

2017-01-14 11:29 - 2012-06-05 21:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2017-01-14 11:29 - 2011-12-16 00:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll

2017-01-14 11:29 - 2011-12-15 23:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll

2017-01-14 11:29 - 2011-08-26 21:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2017-01-14 11:29 - 2011-08-26 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll

2017-01-14 11:29 - 2011-08-26 20:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2017-01-14 11:29 - 2011-08-26 20:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll

2017-01-14 11:29 - 2011-02-12 03:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe

2017-01-14 11:27 - 2017-01-14 11:27 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Mozilla

2017-01-14 11:09 - 2017-01-28 00:34 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\vlc

2017-01-14 11:09 - 2017-01-14 11:09 - 00000939 _____ C:\Users\Public\Desktop\VLC media player.lnk

2017-01-14 11:09 - 2017-01-14 11:09 - 00000000 ____D C:\Program Files (x86)\VLC

2017-01-14 11:08 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll

2017-01-14 11:08 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll

2017-01-14 11:08 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys

2017-01-14 11:04 - 2017-01-14 11:04 - 01605592 ____S (PortableApps.com) C:\Users\SHODAN\Downloads\GoogleChromePortable_55.0.2883.87_online.paf.exe

2017-01-14 11:00 - 2017-01-14 11:00 - 07220496 ____S (IvoSoft) C:\Users\SHODAN\Downloads\ClassicShellSetup_4_3_0.exe

2017-01-14 11:00 - 2017-01-14 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell

2017-01-14 11:00 - 2017-01-14 11:00 - 00000000 ____D C:\Program Files\Classic Shell

2017-01-14 04:45 - 2017-01-14 04:45 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

2017-01-14 04:45 - 2017-01-14 04:45 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

2017-01-14 04:43 - 2017-01-13 20:55 - 00000000 ____D C:\Windows\Panther

2017-01-14 00:04 - 2017-01-13 23:42 - 387532560 ____S (NVIDIA Corporation) C:\Users\SHODAN\Downloads\376.33-desktop-win8-win7-64bit-international-whql.exe

2017-01-14 00:04 - 2017-01-13 23:32 - 43000680 ____S (Microsoft Corporation) C:\Users\SHODAN\Downloads\dotNetFx40_Client_x86_x64.exe

2017-01-14 00:04 - 2017-01-11 04:06 - 31278000 ____S (LuxRender ) C:\Users\SHODAN\Downloads\LuxRender 1.6 x86 NoOpenCL Setup.exe

2017-01-14 00:04 - 2017-01-11 03:45 - 02028168 ____S (Baidu, Inc.) C:\Users\SHODAN\Downloads\BavPro_Setup_Mini_GL.exe

2017-01-14 00:04 - 2017-01-11 03:24 - 01733280 ____S C:\Users\SHODAN\Downloads\AnyDesk REMOTE ACCESS.exe

2017-01-13 23:54 - 2017-01-11 01:05 - 00000083 ____S C:\Users\SHODAN\Downloads\04 Red Rooibos Latte - Global Table Adventure.url

2017-01-13 23:50 - 2017-01-28 17:17 - 00000000 ____D C:\Users\SHODAN\AppData\Local\CrashDumps

2017-01-13 23:50 - 2017-01-27 22:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-01-13 23:50 - 2017-01-25 20:45 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2017-01-13 23:50 - 2017-01-13 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2017-01-13 23:50 - 2017-01-13 23:50 - 00000000 ____D C:\ProgramData\Malwarebytes

2017-01-13 23:50 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2017-01-13 23:50 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2017-01-13 23:43 - 2017-01-11 01:09 - 221856440 ____S (Macrovision Corporation) C:\Users\SHODAN\Downloads\paint-shop-pro-11-20-PaintShopPro1120_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe

2017-01-13 23:09 - 2017-01-21 18:22 - 00000000 ___SD C:\Users\SHODAN\Downloads\SumatraPDFPortable

2017-01-13 23:07 - 2017-01-11 01:12 - 113892104 ____S (Jasc Software Inc ) C:\Users\SHODAN\Downloads\psp90.exe

2017-01-13 23:05 - 2017-01-13 23:07 - 00000000 ___SD C:\Users\SHODAN\Downloads\Links eh!

2017-01-13 23:04 - 2017-01-19 20:42 - 00004704 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys

2017-01-13 23:04 - 2017-01-13 23:04 - 00000008 __RSH C:\Windows\SysWOW64\6B762F5822.sys

2017-01-13 22:07 - 2017-01-19 20:42 - 00000000 ____D C:\Installed Utlilties

2017-01-13 22:03 - 2017-01-13 22:03 - 00000000 ____D C:\Windows\SysWOW64\RTCOM

2017-01-13 22:03 - 2017-01-13 22:03 - 00000000 ____D C:\Program Files\Realtek

2017-01-13 22:00 - 2012-03-27 00:13 - 00789272 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys

2017-01-13 22:00 - 2012-03-27 00:13 - 00356632 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys

2017-01-13 22:00 - 2012-01-17 03:19 - 04734440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys

2017-01-13 22:00 - 2012-01-17 00:25 - 00215644 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT

2017-01-13 22:00 - 2012-01-16 18:39 - 03844200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll

2017-01-13 22:00 - 2012-01-12 03:25 - 02649704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll

2017-01-13 22:00 - 2012-01-09 22:48 - 00958296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll

2017-01-13 22:00 - 2011-12-22 21:30 - 00823912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll

2017-01-13 22:00 - 2011-12-19 23:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll

2017-01-13 22:00 - 2011-12-18 01:58 - 02603864 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll

2017-01-13 22:00 - 2011-12-18 01:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll

2017-01-13 22:00 - 2011-12-15 22:57 - 00894040 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll

2017-01-13 22:00 - 2011-12-15 22:57 - 00750680 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll

2017-01-13 22:00 - 2011-12-15 22:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll

2017-01-13 22:00 - 2011-12-14 20:39 - 00100968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll

2017-01-13 22:00 - 2011-12-13 04:22 - 02528832 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll

2017-01-13 22:00 - 2011-12-13 00:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl

2017-01-13 22:00 - 2011-11-22 00:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll

2017-01-13 22:00 - 2011-11-10 00:04 - 00060184 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys

2017-01-13 22:00 - 2011-09-29 01:30 - 00646248 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys

2017-01-13 22:00 - 2011-09-29 01:30 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll

2017-01-13 22:00 - 2011-09-29 01:30 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll

2017-01-13 22:00 - 2011-07-22 03:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll

2017-01-13 22:00 - 2010-11-07 15:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll

2017-01-13 22:00 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll

2017-01-13 22:00 - 2010-11-07 15:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll

2017-01-13 22:00 - 2010-11-07 15:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll

2017-01-13 22:00 - 2010-11-07 15:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll

2017-01-13 22:00 - 2010-11-07 15:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll

2017-01-13 22:00 - 2010-11-03 02:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll

2017-01-13 22:00 - 2010-09-26 17:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll

2017-01-13 22:00 - 2010-07-22 00:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll

2017-01-13 22:00 - 2010-07-02 03:40 - 00080984 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll

2017-01-13 22:00 - 2009-11-23 17:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll

2017-01-13 22:00 - 2009-11-23 17:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll

2017-01-13 22:00 - 2009-11-23 17:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll

2017-01-13 22:00 - 2009-11-23 17:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll

2017-01-13 22:00 - 2009-11-17 15:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll

2017-01-13 22:00 - 2009-11-17 02:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll

2017-01-13 21:55 - 2017-01-13 21:55 - 00000000 ___SD C:\Users\SHODAN\Downloads\luxrender keygen

2017-01-13 21:49 - 2017-01-13 21:49 - 00000000 ____D C:\Users\SHODAN\AppData\LocalLow\Hyper Hippo Games

2017-01-13 21:48 - 2017-01-28 16:52 - 00000000 ____D C:\Users\SHODAN\AppData\Local\ClassicShell

2017-01-13 21:48 - 2017-01-14 11:37 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Thunderbird

2017-01-13 21:48 - 2017-01-13 21:48 - 00000000 ____D C:\Users\SHODAN\AppData\Local\SWTORPerf

2017-01-13 21:48 - 2017-01-13 21:48 - 00000000 ____D C:\Users\SHODAN\AppData\Local\SWTOR

2017-01-13 21:48 - 2017-01-13 21:48 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Skyrim

2017-01-13 21:48 - 2017-01-13 21:48 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Opera Software

2017-01-13 21:48 - 2017-01-13 21:48 - 00000000 ____D C:\Users\SHODAN\AppData\Local\Google

2017-01-13 21:48 - 2017-01-13 21:48 - 00000000 ____D C:\Users\SHODAN\AppData\Local\FalloutNV

2017-01-13 21:45 - 2017-01-13 21:45 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Guild Wars 2

2017-01-13 21:44 - 2017-01-28 16:29 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\TeraCopy

2017-01-13 21:44 - 2017-01-14 11:27 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Thunderbird

2017-01-13 21:44 - 2017-01-13 21:45 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\.minecraft

2017-01-13 21:44 - 2017-01-13 21:44 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\zTheWinAmp

2017-01-13 21:44 - 2017-01-13 21:44 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Origin

2017-01-13 21:44 - 2017-01-13 21:44 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Opera Software

2017-01-13 21:41 - 2017-01-14 11:28 - 00000000 ____D C:\Users\SHODAN\AppData\LocalLow\BAVData

2017-01-13 21:41 - 2017-01-13 21:41 - 00485672 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys

2017-01-13 21:41 - 2017-01-13 21:41 - 00418288 _____ (Baidu, Inc.) C:\Windows\system32\BdSandboxDll64.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00330224 _____ (Baidu, Inc.) C:\Windows\SysWOW64\BdSandboxDll32.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00262088 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys

2017-01-13 21:41 - 2017-01-13 21:41 - 00232392 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BdSandbox.sys

2017-01-13 21:41 - 2017-01-13 21:41 - 00083144 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys

2017-01-13 21:41 - 2017-01-13 21:41 - 00075248 _____ (Baidu, Inc.) C:\Windows\system32\bdhookx64.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00062792 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex64.sys

2017-01-13 21:41 - 2017-01-13 21:41 - 00061896 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys

2017-01-13 21:41 - 2017-01-13 21:41 - 00057560 _____ C:\Users\SHODAN\AppData\Local\GDIPFONTCACHEV1.DAT

2017-01-13 21:41 - 2017-01-13 21:41 - 00038344 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys

2017-01-13 21:41 - 2017-01-13 21:41 - 00032752 _____ (Baidu, Inc.) C:\Windows\SysWOW64\bdhookx86.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00003544 _____ C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633

2017-01-13 21:41 - 2017-01-13 21:41 - 00003456 _____ C:\Windows\System32\Tasks\Baidu Antivirus Update

2017-01-13 21:41 - 2017-01-13 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus

2017-01-13 21:41 - 2017-01-13 21:41 - 00000000 ____D C:\ProgramData\Baidu Security

2017-01-13 21:41 - 2017-01-13 21:41 - 00000000 ____D C:\Program Files (x86)\Baidu Security

2017-01-13 21:41 - 2015-05-28 03:45 - 00078792 _____ C:\Windows\system32\Drivers\bdark64.sys

2017-01-13 21:40 - 2016-06-13 10:18 - 02105040 ____S (PeerBlock, LLC ) C:\Users\SHODAN\Downloads\PeerBlock-Setup_v1.1_r518.exe

2017-01-13 21:40 - 2016-06-13 10:18 - 00922544 ____S (Opera Software) C:\Users\SHODAN\Downloads\OperaSetup.exe

2017-01-13 21:21 - 2017-01-13 21:38 - 00000000 ____D C:\Users\SHODAN\AppData\Local\NVIDIA Corporation

2017-01-13 21:21 - 2017-01-13 21:21 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2017-01-13 21:21 - 2017-01-13 21:21 - 00000000 ____D C:\Users\SHODAN\AppData\Local\NVIDIA

2017-01-13 21:20 - 2017-01-13 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2017-01-13 21:20 - 2017-01-13 21:20 - 00003836 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-01-13 21:20 - 2017-01-13 21:20 - 00003836 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-01-13 21:20 - 2017-01-13 21:20 - 00003786 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-01-13 21:20 - 2017-01-13 21:20 - 00003774 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-01-13 21:20 - 2017-01-13 21:20 - 00003598 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-01-13 21:20 - 2017-01-13 21:20 - 00003538 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-01-13 21:20 - 2016-12-11 18:37 - 01854400 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll

2017-01-13 21:20 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

2017-01-13 21:20 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2017-01-13 21:20 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

2017-01-13 21:20 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2017-01-13 21:20 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll

2017-01-13 21:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2017-01-13 21:19 - 2017-01-27 22:29 - 00000000 ____D C:\ProgramData\NVIDIA

2017-01-13 21:19 - 2017-01-14 13:11 - 00000000 ____D C:\ProgramData\Package Cache

2017-01-13 21:19 - 2017-01-13 21:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2017-01-13 21:19 - 2017-01-13 21:20 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-01-13 21:19 - 2017-01-13 21:19 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2017-01-13 21:19 - 2016-12-11 18:37 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll

2017-01-13 21:19 - 2016-12-11 18:37 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2017-01-13 21:19 - 2016-12-11 18:37 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

2017-01-13 21:19 - 2016-12-11 10:47 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2017-01-13 21:19 - 2016-12-11 10:47 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2017-01-13 21:19 - 2016-12-11 10:47 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2017-01-13 21:19 - 2016-12-11 10:47 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2017-01-13 21:19 - 2016-12-11 10:47 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2017-01-13 21:19 - 2016-12-11 10:47 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2017-01-13 21:19 - 2016-12-11 10:47 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2017-01-13 21:19 - 2016-12-11 10:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2017-01-13 21:19 - 2016-12-09 00:52 - 07639617 _____ C:\Windows\system32\nvcoproc.bin

2017-01-13 21:19 - 2016-09-09 10:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll

2017-01-13 21:19 - 2016-09-09 10:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll

2017-01-13 21:19 - 2016-09-09 10:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe

2017-01-13 21:19 - 2016-09-09 10:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe

2017-01-13 21:18 - 2017-01-13 21:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2017-01-13 21:18 - 2016-12-11 18:37 - 40125496 _____ C:\Windows\system32\nvcompiler.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 28138432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 19947472 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 17436808 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 17376896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 14410472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 14073400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2017-01-13 21:18 - 2016-12-11 18:37 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 10345696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 09151216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 08753832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 03640376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 03206080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437633.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437633.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 01036224 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00975416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00896056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00491536 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2017-01-13 21:18 - 2016-12-11 18:37 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2017-01-13 21:18 - 2016-12-11 18:37 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2017-01-13 21:18 - 2016-12-11 18:37 - 00041334 _____ C:\Windows\system32\nvinfo.pb

2017-01-13 21:18 - 2016-12-11 18:37 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json

2017-01-13 21:18 - 2016-12-11 18:37 - 00000669 _____ C:\Windows\system32\nv-vk64.json

2017-01-13 21:17 - 2017-01-13 21:17 - 00000000 ____D C:\NVIDIA

2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\BavMini

2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\Users\Public\Documents\Baidu

2017-01-13 21:15 - 2017-01-13 21:15 - 00000000 ____D C:\ProgramData\Baidu

2017-01-13 21:11 - 2017-01-13 21:11 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

2017-01-13 20:55 - 2017-01-19 21:21 - 00000000 ____D C:\Users\SHODAN

2017-01-13 20:55 - 2017-01-15 00:15 - 00001417 _____ C:\Users\SHODAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2017-01-13 20:55 - 2017-01-13 20:55 - 00000020 ___SH C:\Users\SHODAN\ntuser.ini

2017-01-13 20:55 - 2017-01-13 20:55 - 00000000 _SHDL C:\Users\SHODAN\My Documents

2017-01-13 20:55 - 2017-01-13 20:55 - 00000000 _SHDL C:\Users\SHODAN\Documents\My Videos

2017-01-13 20:55 - 2017-01-13 20:55 - 00000000 _SHDL C:\Users\SHODAN\Documents\My Pictures

2017-01-13 20:55 - 2017-01-13 20:55 - 00000000 _SHDL C:\Users\SHODAN\Documents\My Music

2017-01-13 20:55 - 2017-01-13 20:55 - 00000000 ____D C:\Users\SHODAN\AppData\Local\VirtualStore

2017-01-13 20:55 - 2011-04-12 00:28 - 00000000 ____D C:\Users\SHODAN\AppData\Roaming\Media Center Programs

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2017-01-27 22:37 - 2009-07-13 20:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-01-27 22:37 - 2009-07-13 20:45 - 00022528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-01-27 22:35 - 2009-07-13 21:13 - 00782886 _____ C:\Windows\system32\PerfStringBackup.INI

2017-01-27 22:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf

2017-01-27 22:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-01-27 14:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2017-01-26 14:54 - 2009-07-13 21:08 - 00013152 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2017-01-21 17:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF

2017-01-21 17:34 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files

2017-01-19 15:27 - 2009-07-13 20:45 - 00265552 _____ C:\Windows\system32\FNTCACHE.DAT

2017-01-19 15:26 - 2011-04-12 00:28 - 00000000 ____D C:\Program Files\Windows Journal

2017-01-19 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism

2017-01-19 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism

2017-01-19 15:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2017-01-15 11:44 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender

2017-01-15 11:44 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2017-01-15 11:44 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\System

2017-01-14 13:10 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2017-01-14 10:57 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries

2017-01-14 04:45 - 2009-07-13 21:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2017-01-14 04:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\sysprep

2017-01-14 04:42 - 2009-07-13 21:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template

2017-01-13 22:01 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2017-01-13 22:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2017-01-13 21:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help

2017-01-06 18:25 - 2009-07-13 18:34 - 00537985 _____ C:\Windows\system32\Drivers\etc\HOSTS.MVP

 

==================== Files in the root of some directories =======

 

2017-01-19 21:28 - 2017-01-19 21:28 - 0002861 _____ () C:\Users\SHODAN\AppData\Local\recently-used.xbel

 

Some files in TEMP:

====================

2017-01-28 00:57 - 2017-01-28 09:02 - 0737280 _____ (Indigo Rose Corporation) C:\Users\SHODAN\AppData\Local\Temp\irsetup.exe

 

==================== Bamital & volsnap ======================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2017-01-27 14:12

 

==================== End of FRST.txt ============================

 




 


#2 Alley Cat


Posted 01 February 2017 - 01:02 PM

Someone, please help me to clean this rootkit off my system.



#3 TsVk!


Posted 01 February 2017 - 05:59 PM

My name is TsVk!, but you can call me John. I'll be helping you with your issue. :)

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please back up all essential data now. We are removing software designed to damage/compromise your system, it's inherently risky business.
  • Please copy and paste all logs in plain text straight into your reply, do not quote or attach logs.


These things are to make it easier for me to help you.

I've looked at your post and will respond as soon as possible with instructions.

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

John



#4 TsVk!


Posted 01 February 2017 - 06:29 PM

Please copy and paste your addition.txt that was generated when you ran FRST.exe. It will be in the same folder as the application when it was run.



#5 Alley Cat

Alley Cat
  • Topic Starter

  • Members
  • 65 posts
  • Gender:Male
  • Local time:09:05 AM

Posted 04 February 2017 - 12:54 AM

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01

Ran by SHODAN (03-02-2017 17:33:09)

Running from H:\Emergency Malware Removal

Windows 7 Home Premium Service Pack 1 (X64) (2017-01-14 04:55:07)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2208384888-2618818994-3286152505-500 - Administrator - Disabled)

Guest (S-1-5-21-2208384888-2618818994-3286152505-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2208384888-2618818994-3286152505-1002 - Limited - Enabled)

SHODAN (S-1-5-21-2208384888-2618818994-3286152505-1000 - Administrator - Enabled) => C:\Users\SHODAN

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}

FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)

Ansel (Version: 376.33 - NVIDIA Corporation) Hidden

Any Video Converter 6.0.7 (HKLM-x32\...\Any Video Converter) (Version: 6.0.7 - Anvsoft)

Baidu Antivirus (HKLM-x32\...\Baidu Antivirus) (Version: 5.4.3.148966 - Baidu, Inc.)

Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)

Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)

DC Universe Online Live (HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\DG0-DC Universe Online Live) (Version:  - Sony Online Entertainment)

Direct Folders (HKLM-x32\...\DirectFoldersAppID_is1) (Version:  - Code Sector Inc.)

Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

EditPad Lite 7.5.0 (HKLM\...\EditPad Lite) (Version: 7.5.0 - Just Great Software)

GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)

High Octane Drift (HKLM\...\Steam App 457330) (Version:  - Cruderocks)

Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)

LuxRender 1.6 x64 OpenCL (HKLM\...\{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1) (Version: 1.6 - LuxRender)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)

NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden

Opera Stable 42.0.2393.137 (HKLM-x32\...\Opera 42.0.2393.137) (Version: 42.0.2393.137 - Opera Software)

Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C737440}) (Version: 3.36.0 - dotPDN LLC)

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)

Send Anywhere (HKLM-x32\...\{4C09F722-410A-481D-A488-D56FBE34334F}_is1) (Version: 2.6.9 - Estmob Inc.)

SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)

TeraCopy 3.0 RC (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

ZoneAlarm Firewall (x32 Version: 15.0.159.17147 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.0.159.17147 - Check Point)

ZoneAlarm Security (x32 Version: 15.0.159.17147 - Check Point Software Technologies Ltd.) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {34A71682-3065-4629-B83C-7ED63D904A80} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-11] (NVIDIA Corporation)

Task: {37585D74-5BF7-47CD-A7DE-54A2FAB14978} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"

Task: {45805657-0DAA-4162-BF5E-77DAEF1AB070} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-11] (NVIDIA Corporation)

Task: {4D380C21-EF57-4401-857B-42B5F99E6E0C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-11] (NVIDIA Corporation)

Task: {725404B9-4B81-45A1-95E1-EB52E10B64FC} - System32\Tasks\Baidu Antivirus Update => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavUpdater.exe [2017-01-13] (Baidu, Inc.)

Task: {80DF1495-EA15-4F89-8A52-A2609D70685D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-11] (NVIDIA Corporation)

Task: {9385953C-613B-463B-9266-D50ADC350424} - System32\Tasks\{43DD24A0-D432-4349-AF0F-B939EB6E4634} => F:\laptop 2016\not_complete_downloads\Corel Draw X7\CORELDRAW_GRAPHICS_SUITE_X7_WIN64-XFORCE\CorelDRAWGraphicsSuiteX7Installer_EN64Bit.exe

Task: {9EB63738-39E2-4CCD-9BE0-B826C82A8A28} - System32\Tasks\Opera scheduled Autoupdate 1484423662 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)

Task: {AEC73D12-65F6-4F29-A6D1-723CB93E74B8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-11] (NVIDIA Corporation)

Task: {B27491E4-2B88-4E01-B515-6D063CBC4E7A} - System32\Tasks\SUPERAntiSpyware Scheduled Task abd14392-a2c2-4919-80da-cde176b0ca67 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {BDC94244-85AD-4327-B211-D304BF53D566} - System32\Tasks\SUPERAntiSpyware Scheduled Task 71299616-44c4-477c-b0ae-e01abae6aa90 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)

Task: {C5C1B53F-2AB9-4973-B9B9-86913C4496A1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-11] (NVIDIA Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71299616-44c4-477c-b0ae-e01abae6aa90.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task abd14392-a2c2-4919-80da-cde176b0ca67.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

Shortcut: C:\Users\SHODAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> H:\1 GoogleChromePortable\App\Chrome-bin\chrome.exe (Google Inc.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2017-01-13 21:19 - 2016-12-11 10:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2017-01-14 15:14 - 2012-07-29 04:22 - 00072192 _____ () C:\Program Files (x86)\Direct Folders\dfh64.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll

2017-01-17 17:15 - 2016-06-09 12:37 - 05555896 _____ () C:\Installed Utlilties\Send Anywhere\sendanywhere.exe

2014-08-17 22:33 - 2011-02-22 15:33 - 01306112 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\QtNetwork4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00255488 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\SSLEAY32.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 01364480 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\LIBEAY32.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 03120128 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\QtCore4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 03509248 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\Qt3Support4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00881152 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\QtSql4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00560640 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\QtXml4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 11170304 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\QtGui4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00543232 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\QtOpenGL4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 01096704 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\QtScript4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00026112 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\imageformats\qgif4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00031232 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\imageformats\qico4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00169472 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\imageformats\qjpeg4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00304640 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\imageformats\qmng4.dll

2014-08-17 22:33 - 2011-02-22 15:33 - 00312320 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\imageformats\qtiff4.dll

2014-08-17 22:33 - 2010-09-07 06:52 - 01941504 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\aniMate2.dll

2014-08-17 22:33 - 2011-02-22 15:28 - 03376640 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\DazCollada.dll

2014-08-17 22:33 - 2011-02-22 15:28 - 03212288 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\dz3delight.dll

2014-08-17 22:33 - 2011-02-22 17:07 - 00131584 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\dzsceneinfo.dll

2014-08-17 22:33 - 2011-02-22 17:00 - 00263680 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\dzscriptedrenderer.dll

2014-08-17 22:33 - 2011-02-22 17:01 - 02158080 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\dzshaderbuilder.dll

2014-08-17 22:33 - 2011-02-22 17:02 - 01896448 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\dzshadermixerbase.dll

2014-08-17 22:33 - 2011-02-22 16:59 - 00491520 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\dzshadermixergui.dll

2014-08-17 22:33 - 2011-12-16 21:40 - 01364480 ____C () E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\Reality\Reality_2.0.dll

2017-01-14 15:13 - 2015-04-21 23:10 - 01736192 _____ () C:\Installed Utlilties\TeraCopy\TeraCopy64.dll

2017-01-14 15:13 - 2016-12-07 16:40 - 03681104 _____ () C:\Installed Utlilties\TeraCopy\TeraCopyExt.dll

2017-01-17 17:15 - 2016-04-27 12:11 - 00135168 _____ () C:\Installed Utlilties\Send Anywhere\snda_context_handler.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00297968 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\HipsLogger.dll

2017-01-13 21:41 - 2015-05-28 03:44 - 00198128 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\dark.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00540656 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\sqlite.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00370672 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BNetOp.dll

2017-01-17 17:15 - 2014-12-22 01:07 - 00119822 _____ () C:\Installed Utlilties\Send Anywhere\libgcc_s_dw2-1.dll

2017-01-17 17:15 - 2014-12-22 01:07 - 01026062 _____ () C:\Installed Utlilties\Send Anywhere\libstdc++-6.dll

2017-01-14 15:14 - 2012-07-29 04:23 - 00073728 _____ () C:\Program Files (x86)\Direct Folders\dfh32.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-01-13 21:20 - 2016-12-11 18:37 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

2017-01-13 21:41 - 2017-01-13 21:41 - 00277488 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\Pulgin_Dark_DeleteFileTip.dll

2017-01-11 02:42 - 2017-01-11 02:42 - 00333824 _____ () H:\zTheWinAmp\Plugins\freeform\wacs\freetype\freetype.wac

2017-01-21 18:05 - 2017-01-21 18:04 - 68769880 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\opera.dll

2017-01-21 18:05 - 2017-01-21 18:04 - 01895000 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\libglesv2.dll

2017-01-21 18:05 - 2017-01-21 18:04 - 00087128 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"="0"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"="0"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

 

 

There are 7777 more sites.

 

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\...\100888290cs.com -> mir.100888290cs.com

 

There are 7777 more sites.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 18:34 - 2016-05-15 11:02 - 00504843 ____A C:\Windows\system32\Drivers\etc\hosts

 

127.0.0.1 localhost


 

There are 11954 more lines.

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2208384888-2618818994-3286152505-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SHODAN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is disabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{8D800640-C643-4AF4-8460-50744FE7C066}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{8811C173-AA51-4FDB-8E52-0B58236453BA}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{133282C2-EB48-4042-ACD1-6A8891969C17}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{7D4974AE-619E-4F19-AC36-596F4C714BAD}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{01AC93F1-9061-4475-969B-C240C2400B71}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [TCP Query User{77EEC8A4-60DF-489E-B93E-CFCE1A71E0DE}H:\1 googlechromeportable\app\chrome-bin\chrome.exe] => H:\1 googlechromeportable\app\chrome-bin\chrome.exe

FirewallRules: [UDP Query User{30FCDC4B-0ADC-4F2B-9D3D-193A98C78A6D}H:\1 googlechromeportable\app\chrome-bin\chrome.exe] => H:\1 googlechromeportable\app\chrome-bin\chrome.exe

FirewallRules: [{39A00561-8A55-410D-8524-B2CBE22C9170}] => H:\steam\Steam.exe

FirewallRules: [{0D632C5A-8C93-4ABA-8686-F50F8F9BCAD5}] => H:\steam\Steam.exe

FirewallRules: [{EF7F9106-D3B6-4B84-B29B-0C681FF09220}] => H:\steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{A926E9AD-943E-49B0-B7E8-2C3D5DE8064A}] => H:\steam\bin\cef\cef.win7\steamwebhelper.exe

FirewallRules: [{DAD1D04B-8B6A-4230-ABB5-A9A33E690BFB}] => H:\steam\steamapps\common\APB Reloaded\Binaries\APB.exe

FirewallRules: [{BED92CCA-0B22-458C-A17B-90C9BCED6D8E}] => H:\steam\steamapps\common\APB Reloaded\Binaries\APB.exe

FirewallRules: [{FC8FFE27-1EA1-4EC9-9B83-8B2DEE168FE9}] => H:\steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe

FirewallRules: [{A6A9003B-5633-4260-AD45-2C2C28E9557E}] => H:\steam\steamapps\common\APB Reloaded\Binaries\VivoxVoiceService.exe

FirewallRules: [{C60341E8-6A78-4632-9432-5B338D76FF17}] => C:\Installed Utlilties\Send Anywhere\sendanywhere.exe

FirewallRules: [{D15968FD-1EA3-47C7-9D20-208AA2C0C94C}] => H:\DownloadsGOhere\AnyDesk REMOTE ACCESS.exe

FirewallRules: [{5E7CD2BC-840B-4D86-B451-12F7F57F0F1E}] => H:\DownloadsGOhere\AnyDesk REMOTE ACCESS.exe

FirewallRules: [{F4EEC134-6794-4915-ADBE-19726EA08390}] => H:\DownloadsGOhere\AnyDesk REMOTE ACCESS.exe

FirewallRules: [{DFD8A069-158A-4C21-9C94-6846921DE047}] => H:\DownloadsGOhere\AnyDesk REMOTE ACCESS.exe

FirewallRules: [{E1EB63E0-C53D-4CFF-837A-6FF3AD0C290E}] => C:\Program Files\LuxRender\luxconsole.exe

FirewallRules: [{438E3B9C-0351-42FB-B471-EF06D098B0A9}] => C:\Program Files\LuxRender\luxconsole.exe

FirewallRules: [{2AF371CE-9039-4F30-982E-87603BE77260}] => H:\steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{221DA65A-5864-4B4F-BF84-BDDBCD2D8D5C}] => H:\steam\steamapps\common\Team Fortress 2\hl2.exe

FirewallRules: [{433915D7-DC8A-4F29-9102-D34960BB1E14}] => H:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

FirewallRules: [{BEC87802-7EDA-48DD-85CA-E053B27339D3}] => H:\steam\steamapps\common\Saints Row IV\SaintsRowIV.exe

FirewallRules: [{A373E7EF-B041-407B-AEEF-CB424596BCF7}] => H:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{3D7D4D10-8A2E-4885-82BD-0D28D378E481}] => H:\steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{268FA3B0-23CC-46F1-85A1-E07609EE97EE}] => H:\steam\steamapps\common\Unturned\Unturned_BE.exe

FirewallRules: [{C0705470-40F4-4A3A-8F9B-C3B1565253C9}] => H:\steam\steamapps\common\Unturned\Unturned_BE.exe

FirewallRules: [{00BE6A27-7066-4E20-8C77-BBD34F309C61}] => H:\steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{F44EE4D3-B592-48A8-AA1B-FEE7A3DD2CDC}] => H:\steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{F888E44A-AC6D-412C-B7D7-1677540AA59C}] => C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe

FirewallRules: [{04895178-9C32-4C46-B4D5-A357BBE0DB82}] => H:\steam\steamapps\common\High Octane Drift\HighOctaneDrift.exe

FirewallRules: [{9BAB5257-6FFB-4CB7-A086-3B6CD25A42BD}] => H:\steam\steamapps\common\High Octane Drift\HighOctaneDrift.exe

FirewallRules: [{46BF0574-0F79-466B-BE86-E18FB39C681C}] => H:\steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{E807DD97-A03B-4763-8C9F-9F88B87EE408}] => H:\steam\steamapps\common\Portal 2\portal2.exe

FirewallRules: [{9B628F61-4C46-4B6A-B910-5903B5E83386}] => H:\steam\steamapps\common\AdVenture Communist\adventure-communist.exe

FirewallRules: [{F8FDF7F3-CA27-4A4F-A17B-EDD20F5A8266}] => H:\steam\steamapps\common\AdVenture Communist\adventure-communist.exe

FirewallRules: [{B7776C5E-39DB-4DD3-A539-F6F791FB0C34}] => H:\steam\steamapps\common\BallisticNG\BallisticNG.exe

FirewallRules: [{89788872-C336-4026-BADF-48F1F9F734EE}] => H:\steam\steamapps\common\BallisticNG\BallisticNG.exe

FirewallRules: [{0BD7CB1A-B88C-4768-ABEE-57E07639D464}] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{CD7A789D-7CF7-4DF6-8CB4-1D53C6EAFC80}] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{C2B12710-4A65-4290-AF17-C8C9C05F4987}] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{384D87CC-1037-4C6C-B779-E5BAB78FA0C5}] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

 

==================== Restore Points =========================

 

ATTENTION: System Restore is disabled

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/28/2017 05:31:54 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "H:\Emergency Malware Removal\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

 

Error: (01/28/2017 05:16:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x00000000048c0fd8

Faulting process id: 0x694

Faulting application start time: 0x01d2792fee7f56a5

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: unknown

Report Id: 9f337976-e5c0-11e6-88c7-902b346ca4e7

 

Error: (01/27/2017 10:33:58 PM) (Source: SideBySide) (EventID: 33) (User: )

Description: Activation context generation failed for "E:\daz 3n4\3.1.2\DAZStudio3 64bit\plugins\dz3dconnexion.dll".

Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053" could not be found.

Please use sxstrace.exe for detailed diagnosis.

 

Error: (01/27/2017 10:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

Error: (01/27/2017 10:21:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54

Faulting module name: ACLUI.dll, version: 6.1.7600.16385, time stamp: 0x4a5bde68

Exception code: 0xc0000005

Fault offset: 0x00000000000118e3

Faulting process id: 0xa88

Faulting application start time: 0x01d2792eba5860fd

Faulting application path: C:\Windows\system32\DllHost.exe

Faulting module path: C:\Windows\system32\ACLUI.dll

Report Id: f80e715e-e521-11e6-a75d-902b346ca4e7

 

Error: (01/27/2017 10:19:15 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7a144

Faulting module name: ACLUI.dll, version: 6.1.7600.16385, time stamp: 0x4a5bde68

Exception code: 0xc0000005

Fault offset: 0x00000000000118e3

Faulting process id: 0x698

Faulting application start time: 0x01d2792e2b4a4e25

Faulting application path: C:\Windows\Explorer.EXE

Faulting module path: C:\Windows\system32\ACLUI.dll

Report Id: b1104712-e521-11e6-a75d-902b346ca4e7

 

Error: (01/27/2017 10:19:04 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

 

 

System errors:

=============

Error: (01/27/2017 10:29:50 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:29:08 PM on ‎1/‎27/‎2017 was unexpected.

 

Error: (01/27/2017 10:17:13 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 10:16:29 PM on ‎1/‎27/‎2017 was unexpected.

 

Error: (01/27/2017 04:07:35 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 4:06:12 PM on ‎1/‎27/‎2017 was unexpected.

 

Error: (01/27/2017 04:45:56 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

 

Error: (01/26/2017 04:30:18 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 4:28:58 PM on ‎1/‎26/‎2017 was unexpected.

 

Error: (01/26/2017 03:12:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (01/26/2017 03:08:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (01/26/2017 03:08:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (01/26/2017 03:08:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

Error: (01/26/2017 03:08:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

The dependency service or group failed to start.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz

Percentage of memory in use: 60%

Total physical RAM: 8137.73 MB

Available physical RAM: 3195.31 MB

Total Virtual: 20341.93 MB

Available Virtual: 15943.63 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:223.35 GB) (Free:143.1 GB) NTFS

Drive e: (Steam) (Fixed) (Total:465.76 GB) (Free:276.19 GB) NTFS

Drive g: (BUGS MOVIES) (Removable) (Total:3.61 GB) (Free:2.73 GB) FAT32

Drive h: (TOSHIBA EXT) (Fixed) (Total:1862.92 GB) (Free:759.63 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C6EE5AE9)

Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 223.6 GB) (Disk ID: 7CA7D937)

 

Partition: GPT.

 

========================================================

Disk: 2 (Size: 1863 GB) (Disk ID: 6471DEF2)

Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)

 

========================================================

Disk: 3 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)

Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0C)

 

==================== End of Addition.txt ============================



#6 TsVk!


Posted 06 February 2017 - 02:01 PM

Hi Alley Cat,

 

Let's see if we can find some more information.

 

Please download TDSSKiller to your desktop.

  • Run the application
  • Click Accept twice to enter the application.
  • Click the button shown in the original post's image (312bl9l.jpg)
  • Check the following options are selected

Objects to scan

326589d1406052195-kaspersky-tdsskiller-d System memory
326589d1406052195-kaspersky-tdsskiller-d Services and drivers
326589d1406052195-kaspersky-tdsskiller-d Boot sectors
326589d1406052195-kaspersky-tdsskiller-d Loaded modules (select this option last)

Additional Options

326588d1406052195-kaspersky-tdsskiller-d Verify file digital signatures
326589d1406052195-kaspersky-tdsskiller-d Detect TDLFS File System
326588d1406052195-kaspersky-tdsskiller-d Use KSN to scan objects (an active Internet connection is required for this option)

Tick Loaded modules last. When this option is selected, a dialog window requests a restart to load a specialized monitor.


  • Press OK to restart your machine and load the driver.
  • Press the Start Scan button.
  • If threats are detected TDSSKiller determines the best action and marks them appropriately on the Threats Detected window. Do not change these settings, just click Continue.
  • Reboot the machine when prompted.

Once your machine has restarted please copy and paste the log that has been created in your C:\ drive into your next reply. It will be named something like C:\TDSSKiller.3.1.0.9_03.10.2015_12.03.49_log.txt

 

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"

 

 

Please include in your reply

  • TDSSKiller log
  • MBAR logs

John



#7 Alley Cat


Posted 07 February 2017 - 01:36 AM

22:38:57.0858 0x12e4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01

22:38:57.0858 0x12e4  UEFI system

22:39:03.0786 0x12e4  ============================================================

22:39:03.0786 0x12e4  Current date / time: 2017/02/06 22:39:03.0786

22:39:03.0786 0x12e4  SystemInfo:

22:39:03.0786 0x12e4  

22:39:03.0786 0x12e4  OS Version: 6.1.7601 ServicePack: 1.0

22:39:03.0786 0x12e4  Product type: Workstation

22:39:03.0786 0x12e4  ComputerName: SHODAN-AI

22:39:03.0786 0x12e4  UserName: SHODAN

22:39:03.0786 0x12e4  Windows directory: C:\Windows

22:39:03.0786 0x12e4  System windows directory: C:\Windows

22:39:03.0786 0x12e4  Running under WOW64

22:39:03.0786 0x12e4  Processor architecture: Intel x64

22:39:03.0786 0x12e4  Number of processors: 4

22:39:03.0786 0x12e4  Page size: 0x1000

22:39:03.0786 0x12e4  Boot type: Normal boot

22:39:03.0786 0x12e4  CodeIntegrityOptions = 0x00000001

22:39:03.0786 0x12e4  ============================================================

22:39:03.0786 0x12e4  KLMD ARK init status: drvProperties = 0xF7FF00, osBuild = 7601.18933, osProperties = 0x1

22:39:03.0786 0x12e4  KLMD BG init status: drvProperties = 0xF7FF00, osBuild = 7601.18933, osProperties = 0x1

22:39:03.0786 0x12e4  BG loaded

22:39:03.0848 0x12e4  System UUID: {FF329DFD-6A46-862F-97FA-4FAD109224DA}

22:39:04.0160 0x12e4  Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:39:04.0160 0x12e4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:39:04.0160 0x12e4  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:39:04.0207 0x12e4  ============================================================

22:39:04.0207 0x12e4  \Device\Harddisk1\DR1:

22:39:04.0207 0x12e4  GPT partitions:

22:39:04.0207 0x12e4  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FB9695F6-7B57-45D7-A387-FDAF540F99F1}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000

22:39:04.0207 0x12e4  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EBA3D52A-FB47-4AAE-AA11-AD0B75E9A774}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000

22:39:04.0207 0x12e4  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4AE4913E-BAF5-47E0-AF5F-AB0E40B7CB29}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0x1BEB1800

22:39:04.0207 0x12e4  MBR partitions:

22:39:04.0207 0x12e4  \Device\Harddisk0\DR0:

22:39:04.0207 0x12e4  MBR partitions:

22:39:04.0207 0x12e4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800

22:39:04.0207 0x12e4  \Device\Harddisk2\DR2:

22:39:04.0207 0x12e4  MBR partitions:

22:39:04.0207 0x12e4  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD5800

22:39:04.0207 0x12e4  ============================================================

22:39:04.0207 0x12e4  C: <-> \Device\Harddisk1\DR1\Partition3

22:39:04.0238 0x12e4  E: <-> \Device\Harddisk0\DR0\Partition1

22:39:04.0269 0x12e4  H: <-> \Device\Harddisk2\DR2\Partition1

22:39:04.0269 0x12e4  ============================================================

22:39:04.0269 0x12e4  Initialize success

22:39:04.0269 0x12e4  ============================================================

 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001

www.malwarebytes.org

 

Database version:

  main:    v2017.02.07.01

  rootkit: v2016.11.20.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17843

SHODAN :: SHODAN-AI [administrator]

 

2/6/2017 10:07:39 PM

mbar-log-2017-02-06 (22-07-39).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 278571

Time elapsed: 5 minute(s), 44 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)



#8 TsVk!


Posted 08 February 2017 - 05:57 PM

Hi Alley Cat,

 

We are still at the information gathering stage.

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Right click and "Run as Administrator".
  • The tool will open and start scanning your system.
  • On completion a log will open, note the saved JRT.txt on your desktop to copy into your reply

Please download AdwCleaner and save to your Desktop.

  • Right click and "Run as Administrator"
  • Click on the Scan button.
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • After the scan has finished, click Clean and ok the reboot
  • When complete, your machine will restart and a log file will appear
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

Please download Zemana AntiMalware and install it

  • Run the application
  • Click "Next" and then Scan
  • When the scan has finished click Next to remove any threats.
  • Click the bars in the top right corner to display the logs, double click your log

  • Copy and paste the log into your reply

 

Please include in your reply

  • AdwCleaner log
  • JRT log
  • Zemana log

John


Edited by TsVk!, 08 February 2017 - 05:58 PM.


#9 TsVk!


Posted 11 February 2017 - 07:26 PM

It's been a few days. Do you still require help?



#10 Alley Cat

Posted 12 February 2017 - 02:43 PM

Yes, I still need help.

On my first attempt, AdwCleaner and JRT would not launch due to missing DLL. I was also unable to download a new copy, as the downloads stopped at 1%.

Downloaded files from 2nd desktop to this infected one. Zemana AntiMalware is now not working after it updates, as the program crashes. Again, downloaded files from 2nd desktop to this infected one. Zemana will not scan, asking for activation. So, no logs possible for Zemana.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Home Premium x64
Ran by SHODAN (Administrator) on Sun 02/12/2017 at 11:11:35.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\Users\SHODAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F1Y66D7J (Folder)
Successfully deleted: C:\Users\SHODAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLOQG9XG (Folder)
Successfully deleted: C:\Users\SHODAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KA3U7N2M (Folder)



Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/12/2017 at 11:40:01.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.208 - Logfile created 23/01/2017 at 05:03:04
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : SHODAN - SHODAN-AI
# Running from : C:\Users\SHODAN\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BdSandBox

***** [ Files / Folders ] *****

File Found : C:\Users\SHODAN\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_babylon5.wikia.com_0.localstorage
File Found : C:\Users\SHODAN\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_babylon5.wikia.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Pale Moon v


-\\ Google Chrome v

[C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\SHODAN\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v


-\\ Opera v42.0.2393.137


*************************

AdwCleaner[R0].txt - [2046 bytes] - [23/01/2017 05:03:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2105 bytes] ##########

(eof)

#11 TsVk!


Posted 14 February 2017 - 05:38 PM

Hi Alley Cat,

 

----------------------

Torrents, Keygens, Cracks and other copyright avoidance mechanisms!

 

This software often contains malware and other nasties. They are a really effective way of getting infected with malware. Right up the list there, next to deliberately infecting yourself.

 

It's up to you whether you want to run the risk by running these applications on your machine, but I ask you to remove any cracked/keygen'd software now and not to run any torrent software until we are finished please.

----------------------

 

Baidu AV has a poor reputation for privacy and security. It has been embroiled in court procedures in China for making unauthorized system changes. Baidu is compelled by Chinese law to report to the Chinese government on their users' internet behavior and use. There are versions of Baidu AV that are quite simply malware. There is no definitive way to understand how this application affects your PC at this point in time. With all of these things in mind I am going to advise you, at this stage, to remove Baidu from your system. If you choose to put it back on afterwards that is your choice. Though I will provide information on other free and secure antivirus applications to choose from.

 

Please download and install Revo Uninstaller.

  • Run the application and wait for the icon page to fully populate
  • Select Baidu Antivirus from the list and click the Uninstall button in the top ribbon
  • After Revo has created a restore point it will automatically run the target program's built in uninstaller.
  • Click through the uninstaller.
  • When it has completed you will be presented with a scanning page, select Moderate and then Scan
  • In the new windows click Select All then Delete and then Finish.

 

 

As your machine is resisting changes from installed software let's use an offline software. You will require a USB flash drive for this.

 

Please download Hitman Pro, choose 32bit or 64bit depending on your Windows version. If you are unsure click here

  • Run the installer but do not click next, click on the little stick man ninja.


  • When the next scrolling screen appears plug in your USB flash drive. Note: all existing data on the drive will be erased.
  • Click on the USB drive when it appears in step 2
  • Click Install Kickstart and ok the data erasure warning.
  • Eject the USB from your machine.
  • Transfer the USB to your infected machine and boot from it.
  • Press 1 when the Hitman menu appears.
  • Windows will start normally now, log in.
  • Wait a few seconds for Hitman to start up and take over the screen.
  • Select "No, I only want to perform a one time scan to check the computer"
  • Click next to start the scan
  • Click Save Log next to the Buy Now button and save the log to your USB drive
  • Click Reboot and remove the USB drive from your machine

Now your machine should start normally

When your machine is booted please insert the Hitman USB and open the saved log, copy and paste the contents into your reply.

 

 

Please download and install MalwareBytes Anti-Malware V3

  • The application will open automatically after installation, please be patient
  • If all your affected drives are not connected to the machine please close the application, attach them, then restart the application.
  • Click Scan in the left column
  • Click Custom Scan in the middle of the page
  • then Configure Scan at the bottom of the page


  • Check the Scan for Rootkits box
  • Check the checkboxes on all of your drives in the right hand column
  • Click Scan
  • When the scan has completed click Save and save the log to a text file on your desktop
  • Click Quarantine.
  • You will be prompted to restart to remove the threats. When your machine is back up please open the log you saved.
  • Copy and paste the results into your reply

 

John


Edited by TsVk!, 14 February 2017 - 06:36 PM.


#12 Alley Cat


Posted 15 February 2017 - 01:21 PM

I do not have any torrent software installed.

 

HitmanPro crashes soon after launch, a few seconds after first launch.

 

Faulting application name: HitmanPro_x64.exe, version: 3.7.15.281, time stamp: 0x57fb56a4

Faulting module name: HitmanPro_x64.exe, version: 3.7.15.281, time stamp: 0x57fb56a4

Exception code: 0xc0000005

Fault offset: 0x00000000002bf385

Faulting process id: 0x7a8

Faulting application start time: 0x01d287adc5883619

Faulting application path: C:\Users\SHODAN\Desktop\HitmanPro_x64.exe

Faulting module path: C:\Users\SHODAN\Desktop\HitmanPro_x64.exe

Report Id: 40dd05b2-f3a1-11e6-a2ab-9aafb823675d

 

Second time around, the stickman ninja was gone.  A few false positives, files I gathered about 5 months ago, in case I ever get hit by ransomware.

 

HitmanPro 3.7.15.281
www.hitmanpro.com
 
   Computer name . . . . : SHODAN-AI
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : SHODAN-AI\SHODAN
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2017-02-15 10:02:00
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 31s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 4
   Traces  . . . . . . . : 11
 
   Objects scanned . . . : 1,938,558
   Files scanned . . . . : 86,510
   Remnants scanned  . . : 428,639 files / 1,423,409 keys
 
Malware _____________________________________________________________________
 
   C:\Users\SHODAN\Desktop\Emergency Malware Removal\Ransomware Removal\AlphaDecrypter.exe
      Size . . . . . . . : 143,360 bytes
      Age  . . . . . . . : 3.0 days (2017-02-12 09:46:00)
      Entropy  . . . . . : 4.0
      SHA-256  . . . . . : E2B5035871075F8BA2B621DD7D7B6382B277FA1E1ECFA3401EF7628CD0FE9438
      Product  . . . . . : AlphaDecrypter
      Publisher
      Description  . . . : AlphaDecrypter
      Version  . . . . . : 1.0.1.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Strictor.110674
      Fuzzy  . . . . . . : 105.0
 
   C:\Users\SHODAN\Desktop\Emergency Malware Removal\Ransomware Removal\BitStakDecrypter.exe
      Size . . . . . . . : 166,912 bytes
      Age  . . . . . . . : 3.0 days (2017-02-12 09:46:00)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : F2196FD84C3BAF2C3CD510C63D1809A96A4F81EE269317964F47182E98A05DE9
      Needs elevation  . : Yes
      Product  . . . . . : BitStakDecrypter
      Publisher
      Description  . . . : BitStakDecrypter
      Version  . . . . . : 1.1.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.GenericKD.3537351
    > HitmanPro  . . . . : App/Generic-CJ
      Fuzzy  . . . . . . : 105.0
 
   C:\Users\SHODAN\Desktop\Emergency Malware Removal\Ransomware Removal\Unlock92Decrypter.exe
      Size . . . . . . . : 156,672 bytes
      Age  . . . . . . . : 3.0 days (2017-02-12 09:46:00)
      Entropy  . . . . . : 4.5
      SHA-256  . . . . . : CA935DC5BA62AF7D880107CBCE159A735EE0F2CE3BC59191A879597B2EE1EA40
      Product  . . . . . : Unlock92Decrypter
      Publisher
      Description  . . . : Unlock92Decrypter
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.Generic.17753140
      Fuzzy  . . . . . . : 105.0
 
Suspicious files ____________________________________________________________
 
   C:\Users\SHODAN\AppData\Local\Zemana\Zemana AntiMalware\update_{428E705D-1FF5-43B1-B18C-0C5B2459B930}.exe
      Size . . . . . . . : 14,449,600 bytes
      Age  . . . . . . . : 3.0 days (2017-02-12 10:16:52)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : EA920CF6FF0E7C320670DF4CC8C42B4D1C258672A552AE293EE3AB6D408E4329
      Product  . . . . . : ZAM
      Publisher  . . . . : Copyright 2017.
      Description  . . . : ZAM
      Version  . . . . . : 2.72.0.101
      Copyright  . . . . : Copyright 2017. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\SHODAN\Desktop\Emergency Malware Removal\FRST-OlderVersion\FRST64 (1).exe
      Size . . . . . . . : 2,420,736 bytes
      Age  . . . . . . . : 3.0 days (2017-02-12 09:45:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C7C032A8826990A34855FA4A574178DD318A57B7957A1154FC45F40A1C0BEFCB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\SHODAN\Desktop\Emergency Malware Removal\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,385,408 bytes
      Age  . . . . . . . : 3.0 days (2017-02-12 09:45:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 59D88FF4B60191F8ADFA44D1BC49A5FA44189C51E5DE85A4647BB7609C43D23C
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\SHODAN\Desktop\Emergency Malware Removal\FRST64.exe
      Size . . . . . . . : 2,420,736 bytes
      Age  . . . . . . . : 3.0 days (2017-02-12 09:45:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C7C032A8826990A34855FA4A574178DD318A57B7957A1154FC45F40A1C0BEFCB
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
 
Repairs _____________________________________________________________________
 
   hosts
   C:\Windows\system32\drivers\etc\


#13 TsVk!


Posted 15 February 2017 - 04:10 PM

Please run and post the Malwarebytes Anti-Malware results.


Edited by TsVk!, 15 February 2017 - 04:10 PM.


#14 Alley Cat


Posted 16 February 2017 - 01:25 AM

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 2/15/2017

Scan Time: 9:35 AM

Administrator: Yes

 

Version: 2.2.1.1043

Malware Database: v2017.02.15.06

Rootkit Database: v2017.02.11.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: SHODAN

 

Scan Type: Custom Scan

Result: Completed

Objects Scanned: 2152611

Time Elapsed: 12 hr, 49 min, 39 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 4

PUP.Optional.DriverUpdaterPro, H:\DownloadsGOhere\driver-1073WIN.exe, , [97ab356e4c5c4cea57c5e55a3fc1f30d], 

PUP.Optional.Solvusoft, H:\DownloadsGOhere\DriverDoc_2016_Setup.exe, , [41017132a107b284b4cb2a4045bb946c], 

PUP.Optional.BundleInstaller, H:\DownloadsGOhere\Pokémon Uranium Setup.exe, , [8fb3e7bc317763d3068671ca9a665da3], 

RiskWare.TOR, H:\hiren 15.2\Hiren's.BootCD.15.2\HBCD\Programs\Files\Tor.7z, , [b38f6e35ebbdb87e0dfb600e48bafa06], 

 

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)



#15 TsVk!


Posted 16 February 2017 - 05:25 AM

Please follow the instruction in post #11 and download Malwarebytes Anti-Malware V3





