Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE, Chrome get infected (crash) redirections and flash pop up


  • This topic is locked This topic is locked
1 reply to this topic

#1 ukyjnh

ukyjnh

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 03 February 2017 - 08:08 AM

Hi

 

My web browsers get infected recently. I can not use them when I open new window, many pop up will be blocked and finally it wil lead me to other website such as Pwwysydh.com.  Flash windows will be embeded into the webpage, consuming memory.   Now I have disabled the javascript, it seems steady.  But I can not disable it all the time.

 

I assume this virus wil affect all the web browsers.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by infamouspirate (administrator) on SUPERCAT (02-02-2017 18:33:06)
Running from C:\Users\infamouspirate\Desktop
Loaded Profiles: infamouspirate (Available Profiles: infamouspirate & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Oculus VR) C:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Windows\SysWOW64\NetUtils2016.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Flexera Software LLC) C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ESRI) C:\Program Files (x86)\ArcGIS\License10.2\bin\ARCGIS.exe
(Oculus VR) C:\Program Files (x86)\Oculus\Service\OVRServer_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Pinyin 2\GooglePinyinDaemon.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
() C:\Users\infamouspirate\AppData\Roaming\Baidu\BaiduYunGuanjia\yundetectservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oculus VR, LLC) C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Akamai Technologies, Inc.) C:\Users\infamouspirate\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\infamouspirate\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-28] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2098232 2016-11-10] ()
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [WindowsUpdate] => C:\Users\infamouspirate\AppData\Roaming\XTYJG\MQVNU.cmd C:\Users\INFAMO~1\AppData\Roaming\XTYJG\JPIIF.HCL
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835680 2016-06-14] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKU\S-1-5-21-48778301-2770824000-1803785223-1000\...\Run: [Akamai NetSession Interface] => C:\Users\infamouspirate\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-48778301-2770824000-1803785223-1000\...\Run: [BaiduYunDetect] => C:\Users\infamouspirate\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe [1051680 2016-12-22] ()
HKU\S-1-5-21-48778301-2770824000-1803785223-1000\...\Run: [drippt] => rundll32.exe "C:\Users\infamouspirate\AppData\Local\drippt.dll",drippt <===== ATTENTION
HKU\S-1-5-21-48778301-2770824000-1803785223-1000\...\RunOnce: [Adobe Speed Launcher] => 1486060276
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\Pusher\reghelper\xappex.1.1.1.92.(627).dll [2016-11-07] (深圳市迅雷网络技术有限公司)
ShellIconOverlayIdentifiers-x32: [AAADesktopTips] -> {4562B511-62E9-4533-B7B2-56A8BB10B482} => C:\Users\Public\Thunder Network\KanKan\reghelper\xappex.1.1.1.73.(517).dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OculusConfigUtil.lnk [2015-10-28]
ShortcutTarget: OculusConfigUtil.lnk -> C:\Program Files (x86)\Oculus\Tools\OculusConfigUtil.exe (Oculus VR, LLC)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{aaf5abc2-6024-452d-8f7e-4fa876d2f01e}: [NameServer] 82.163.143.174,82.163.142.176
Tcpip\..\Interfaces\{aaf5abc2-6024-452d-8f7e-4fa876d2f01e}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-48778301-2770824000-1803785223-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHIgkKU11JRBgWcQABTA1EGVcOIgkKVRQQGQ0SJQ0NAgpFEQcFIk0FA1ADB0VXfVBdFElXTwhkJU1sCVwjREZWLE1LKUwT
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1aUQtDRQ1GbQwJWABcFQAbIhRaUQtFDFQbeAhdVQwSEgETch9aFQQTSEcFME0FCFwEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1aUQtDRQ1GbQwJWABcFQAbIhRaUQtFDFQbeAhdVQwSEgETch9aFQQTSEcFME0FCFwEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-48778301-2770824000-1803785223-1000 -> DefaultScope {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
SearchScopes: HKU\S-1-5-21-48778301-2770824000-1803785223-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV1aUQtDRQ1GbQwJWABcFQAbIhRaUQtFDFQbeAhdVQwSEgETch9aFQQTSEcFME0FCFwEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-48778301-2770824000-1803785223-1000 -> {64AF4D11-6492-4C25-B014-B6C6CEE3B0C5} URL = hxxps://www.baidu.com/s?tn=80035161_2_dg&wd={searchTerms}
BHO: 迅雷下载支持 -> {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} -> C:\Program Files (x86)\Thunder Network\Thunder\BHO\XunleiBHO649.0.19.482.dll [2016-12-07] (深圳市迅雷网络技术有限公司)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: 迅雷下载支持组件 -> {DE05CF4A-7B0A-4775-B5E5-396244938679} -> C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll [2014-08-01] (深圳市迅雷网络技术有限公司)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-48778301-2770824000-1803785223-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\8.0.13.18090\KuGoo3DownXControl.ocx [2015-12-07] (广州酷狗计算机科技有限公司)
Handler-x32: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\8.0.13.18090\KuGoo3DownXControl.ocx [2015-12-07] (广州酷狗计算机科技有限公司)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-01-29] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\infamouspirate\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2016-12-22] (Baidu.com, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-01] (Google Inc.)
FF Plugin-x32: @xunlei.com/npaplayer -> C:\Users\Public\Thunder Network\APlayer\codecs\npaplayer.dll [No File]
FF Plugin-x32: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2016-12-07] (Thunder Networking Technologies,LTD)
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.1 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2016-12-07] ( )
FF Plugin-x32: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2016-12-07] ( )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [No File]
FF Plugin HKU\S-1-5-21-48778301-2770824000-1803785223-1000: @citrixonline.com/appdetectorplugin -> C:\Users\infamouspirate\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-48778301-2770824000-1803785223-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\infamouspirate\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-48778301-2770824000-1803785223-1000: @xunlei.com/npxluser -> C:\Program Files (x86)\Common Files\Thunder Network\UserAgent\npxluser2.0.2.3.dll [2016-12-07] (Thunder Networking Technologies,LTD)
FF Plugin HKU\S-1-5-21-48778301-2770824000-1803785223-1000: @xunlei.com/npxunlei;version=1.0.0.2 -> C:\Program Files (x86)\Thunder Network\Thunder\Data\npxunlei1.0.0.2.dll [2016-12-07] ( )

Chrome:
=======
CHR Profile: C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Slides) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-01]
CHR Extension: (Google Docs) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-01]
CHR Extension: (Google Drive) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-01]
CHR Extension: (Rapport) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2017-02-01]
CHR Extension: (YouTube) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-01]
CHR Extension: (Adobe Acrobat) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-01]
CHR Extension: (Google Sheets) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-01]
CHR Extension: (Gmail) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-01]
CHR Extension: (Chrome Media Router) - C:\Users\infamouspirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-01]
CHR HKU\S-1-5-21-48778301-2770824000-1803785223-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-48778301-2770824000-1803785223-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ArcGIS License Manager; C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe [1452408 2013-11-13] (Flexera Software LLC)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4163680 2016-06-14] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2200872 2016-02-01] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4162144 2016-05-19] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2014160 2016-03-04] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2328160 2016-07-01] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2076768 2016-06-02] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [598112 2016-06-02] (MSI)
R2 NetUtils2016srv; C:\WINDOWS\SysWOW64\NetUtils2016.exe [470592 2017-01-29] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-11-10] (NVIDIA Corporation)
R2 NVWMI; C:\WINDOWS\system32\nvwmi64.exe [4167736 2016-11-10] (NVIDIA Corporation)
R2 OVRService; C:\Program Files (x86)\Oculus\Service\OVRServiceLauncher.exe [328840 2015-10-21] (Oculus VR) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XLNXService; C:\Users\infamouspirate\AppData\Roaming\XLGameBox\ServicePlatform\XLNX.dll [151488 2016-12-07] (深圳市迅雷网络技术有限公司)
R2 XLServicePlatform; C:\Program Files (x86)\Common Files\Thunder Network\ServicePlatform\XLSP.dll [163912 2016-12-07] (ShenZhen Xunlei Networking Technologies,LTD)
S2 GTFAVENUE Updater; C:\Program Files (x86)\GTFAVENUE Updater\GTFAVENUE Updater.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-01-29] () <==== ATTENTION
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispwi.inf_amd64_ef4c14a7f979dba3\nvlddmkm.sys [14172608 2016-11-12] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-22] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [926824 2013-03-12] (Realtek Semiconductor Corporation                           )
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 XLGuard; C:\WINDOWS\System32\drivers\XLGuard.sys [36112 2016-02-18] (深圳市迅雷网络技术有限公司)
R2 XLWFP; C:\WINDOWS\System32\drivers\xlwfp.sys [59664 2016-03-29] (深圳市迅雷网络技术有限公司)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 18:33 - 2017-02-02 18:34 - 00031971 _____ C:\Users\infamouspirate\Desktop\FRST.txt
2017-02-02 18:32 - 2017-02-02 18:33 - 00000000 ____D C:\FRST
2017-02-02 18:32 - 2017-02-02 18:31 - 02420736 _____ (Farbar) C:\Users\infamouspirate\Desktop\FRST64.exe
2017-02-02 18:31 - 2017-02-02 18:31 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-01 19:52 - 2017-02-01 19:52 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-01 19:52 - 2017-02-01 19:52 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-01 19:51 - 2017-02-01 19:58 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-01 19:51 - 2017-02-01 19:58 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-01 19:50 - 2017-02-01 19:51 - 01065376 _____ (Google Inc.) C:\Users\infamouspirate\Documents\ChromeSetup.exe
2017-01-29 22:25 - 2017-01-29 22:32 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2017-01-29 22:25 - 2017-01-29 22:32 - 00002287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2017-01-29 22:25 - 2017-01-29 22:32 - 00002126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2017-01-29 22:25 - 2017-01-29 22:25 - 00002217 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2017-01-29 22:25 - 2017-01-29 22:25 - 00002103 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2017-01-29 22:22 - 2017-01-29 22:23 - 00000000 ____D C:\Users\infamouspirate\Desktop\Adobe Acrobat XI
2017-01-29 20:27 - 2017-01-29 20:27 - 00003270 _____ C:\WINDOWS\System32\Tasks\{60A6C204-8C1C-4416-B78A-CA0CF2D7FC4D}
2017-01-29 20:27 - 2017-01-29 20:27 - 00000000 ____D C:\ProgramData\Microleaves
2017-01-29 20:26 - 2017-01-29 20:26 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\AdvinstAnalytics
2017-01-29 20:24 - 2017-01-29 23:00 - 00000392 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-01-29 20:24 - 2017-01-29 23:00 - 00000340 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-01-29 20:24 - 2017-01-29 23:00 - 00000340 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-01-29 20:24 - 2017-01-29 23:00 - 00000340 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-01-29 20:24 - 2017-01-29 20:24 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-01-29 20:24 - 2017-01-29 20:24 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-01-29 20:24 - 2017-01-29 20:24 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-01-29 20:24 - 2017-01-29 20:24 - 00003280 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-01-29 20:24 - 2017-01-29 20:24 - 00003228 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-01-29 20:24 - 2017-01-29 20:24 - 00003228 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-01-29 20:24 - 2017-01-29 20:24 - 00003228 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-01-29 20:23 - 2017-02-01 23:18 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-01-29 20:23 - 2017-01-29 20:24 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-29 20:23 - 2017-01-29 20:24 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-29 20:23 - 2017-01-29 20:23 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-01-29 20:23 - 2017-01-29 20:23 - 00470592 _____ C:\WINDOWS\SysWOW64\NetUtils2016.exe
2017-01-29 20:23 - 2017-01-29 20:23 - 00021582 _____ C:\WINDOWS\System32\Tasks\GTFAVENUE
2017-01-29 20:23 - 2017-01-29 20:23 - 00020480 _____ C:\Users\infamouspirate\AppData\Local\drippt.dll
2017-01-29 20:23 - 2017-01-29 20:23 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-29 20:23 - 2017-01-29 20:23 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-29 20:23 - 2017-01-29 20:23 - 00000000 ____D C:\Users\infamouspirate\AppData\Roaming\Note-UP
2017-01-29 20:23 - 2017-01-29 20:23 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\CrashRpt
2017-01-29 20:22 - 2017-01-29 20:22 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\AnonymizerLauncher
2017-01-29 20:21 - 2017-01-29 20:21 - 00000770 __RSH C:\Users\infamouspirate\ntuser.pol
2017-01-29 20:16 - 2017-01-29 20:16 - 00000040 ____H C:\401E1CC6A539
2017-01-29 19:45 - 2017-01-29 19:49 - 02108424 _____ (Adobe Systems Incorporated) C:\Users\infamouspirate\Downloads\Acrobat_Pro_DC_Set-Up.exe
2017-01-29 16:20 - 2017-01-29 16:20 - 00000000 ____D C:\Users\infamouspirate\AppData\Roaming\PDAppFlex
2017-01-29 16:19 - 2017-01-29 16:19 - 02335322 _____ C:\Users\infamouspirate\Downloads\siteplan (1).pdf
2017-01-29 16:19 - 2017-01-29 16:19 - 00086704 _____ C:\Users\infamouspirate\Downloads\bill.pdf
2017-01-27 21:19 - 2016-12-21 07:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-27 21:19 - 2016-12-21 04:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-22 16:02 - 2017-01-22 16:02 - 00000000 ____D C:\ProgramData\Microsoft Visual Studio
2017-01-22 12:38 - 2017-01-22 12:38 - 00002131 _____ C:\Users\Public\Desktop\Autodesk InfraWorks 360.lnk
2017-01-22 12:38 - 2017-01-22 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk InfraWorks 360
2017-01-22 12:31 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-01-22 12:31 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-01-22 12:31 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-01-22 12:31 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-01-22 12:30 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-01-22 12:30 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-01-22 12:30 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-01-22 12:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-01-22 12:30 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-01-22 12:30 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-01-22 12:30 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-01-22 12:30 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-01-22 12:30 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-01-22 12:30 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-01-22 12:30 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-01-22 12:30 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-01-22 12:30 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-01-22 12:30 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-01-22 12:30 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-01-22 12:30 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-01-22 12:30 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-01-22 12:30 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-01-22 12:30 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-01-22 12:30 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-01-22 12:30 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-01-22 12:30 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-01-22 12:30 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-01-22 12:30 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-01-22 12:30 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-01-22 12:30 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-01-22 12:30 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-01-22 12:30 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-01-22 12:30 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-01-22 12:30 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-01-22 12:30 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-01-22 12:30 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-01-22 12:30 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-01-22 12:30 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-01-22 12:30 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-01-22 12:30 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-01-22 12:30 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-01-22 12:30 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-01-22 12:30 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-01-22 12:30 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-01-22 12:30 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-01-22 12:30 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-01-22 12:30 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-01-22 12:30 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-01-22 12:30 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-01-22 12:30 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-01-22 12:30 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-01-22 12:30 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-01-22 12:30 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-01-22 12:30 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-01-22 12:30 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-01-22 12:30 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-01-22 12:29 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-01-22 12:29 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-01-22 12:29 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-01-22 12:29 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-01-22 12:29 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-01-22 12:29 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-01-22 12:29 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-01-22 12:29 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-01-22 12:29 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-01-22 12:29 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-01-22 12:29 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-01-22 12:29 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-01-22 12:29 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-01-22 12:29 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-01-22 12:29 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-01-22 12:29 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-01-22 12:29 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-01-22 12:29 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-01-22 12:29 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-01-22 12:29 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-01-22 12:29 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-01-22 12:29 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-01-22 12:29 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-01-22 12:29 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-01-22 12:29 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-01-22 12:29 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-01-22 12:29 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-01-22 12:29 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-01-22 12:29 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-01-22 12:29 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-01-22 12:29 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-01-22 12:29 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-01-22 12:29 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-01-22 12:29 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-01-22 12:29 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-01-22 11:42 - 2017-01-22 11:42 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2017-01-18 11:38 - 2017-01-18 11:38 - 00033280 _____ C:\Users\infamouspirate\Downloads\P020170117027862701383.xls
2017-01-18 11:35 - 2017-01-18 11:35 - 00079536 _____ C:\Users\infamouspirate\Downloads\AcademicCalendar2016-2017-amendedDec.pdf
2017-01-15 14:42 - 2017-01-15 14:42 - 00001598 _____ C:\Users\infamouspirate\Downloads\launch.ica
2017-01-12 11:09 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-12 11:09 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 11:09 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-12 11:09 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-12 11:09 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 11:09 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 11:09 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-12 11:09 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 11:09 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 11:09 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 11:09 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-12 11:09 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-12 11:09 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 11:09 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 11:09 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-12 11:09 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 11:09 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-12 11:09 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 11:09 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-12 11:09 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-12 11:09 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-12 11:09 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-12 11:09 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 11:09 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-12 11:09 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 11:09 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-12 11:09 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-12 11:09 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-12 11:09 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-12 11:09 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-12 11:09 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-12 11:09 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-12 11:09 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-12 11:09 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-12 11:09 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-12 11:09 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-12 11:09 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-12 11:09 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-12 11:09 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-12 11:09 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-12 11:09 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-12 11:09 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-12 11:09 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-12 11:09 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-12 11:09 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-12 11:09 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 11:09 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 11:09 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 11:09 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-12 11:09 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-12 11:09 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-12 11:09 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 11:09 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-12 11:09 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-12 11:09 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 11:09 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-12 11:09 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-12 11:09 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-12 11:09 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-12 11:09 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-12 11:09 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-12 11:09 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-12 11:09 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-12 11:09 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-12 11:09 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-12 11:09 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-12 11:09 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-12 11:09 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-12 11:09 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-12 11:09 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-12 11:08 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 11:08 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 11:08 - 2016-12-21 07:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-12 11:08 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-12 11:08 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 11:08 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-12 11:08 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-12 11:08 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 11:08 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 11:08 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 11:08 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 11:08 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 11:08 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 11:08 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 11:08 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 11:08 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-12 11:08 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 11:08 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 11:08 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 11:08 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 11:08 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 11:08 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-12 11:08 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 11:08 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 11:08 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 11:08 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-12 11:08 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-12 11:08 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-12 11:08 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 11:08 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 11:08 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 11:08 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-12 11:08 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-12 11:08 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 11:08 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 11:08 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 11:08 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 11:08 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 11:08 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-12 11:08 - 2016-12-21 05:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-12 11:08 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-12 11:08 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-12 11:08 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-12 11:08 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-12 11:08 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-12 11:08 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-12 11:08 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-12 11:08 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 11:08 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-12 11:08 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-12 11:08 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-12 11:08 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-12 11:08 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-12 11:08 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-12 11:08 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-12 11:08 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-12 11:08 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-12 11:08 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-12 11:08 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-12 11:08 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-12 11:08 - 2016-12-14 05:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-12 11:08 - 2016-12-14 05:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-12 11:08 - 2016-12-14 05:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-12 11:08 - 2016-12-14 05:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-12 11:08 - 2016-12-14 05:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-12 11:08 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 11:08 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-12 11:08 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-12 11:08 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-12 11:08 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 11:08 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 11:08 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-12 11:08 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-12 11:08 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-12 11:08 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-12 11:08 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-12 11:08 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-12 11:08 - 2016-12-14 04:42 - 00384000 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-01-12 11:08 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-12 11:08 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 11:08 - 2016-12-14 04:41 - 00362496 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-01-12 11:08 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 11:08 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-12 11:08 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 11:08 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-12 11:08 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 11:08 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 11:08 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 11:08 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 11:08 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 11:08 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-12 11:08 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-12 11:08 - 2016-12-14 04:35 - 02220032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-01-12 11:08 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-12 11:08 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-12 11:08 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-12 11:08 - 2016-12-14 04:25 - 02795520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-01-12 11:08 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 11:08 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-12 11:08 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-12 11:08 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-12 11:08 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-12 11:08 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-12 11:08 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-12 11:08 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-12 11:08 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 22:04 - 2017-01-10 22:04 - 00887856 _____ C:\Users\infamouspirate\Desktop\h2020-wp1617-focus_en.pdf
2017-01-10 22:01 - 2017-01-10 22:01 - 00119992 _____ C:\Users\infamouspirate\Downloads\SparkcoCam_invoice.pdf
2017-01-10 22:00 - 2017-01-10 22:01 - 17146743 _____ C:\Users\infamouspirate\Downloads\James Hutton Institute eLecture LeNotre_RELY.pptx
2017-01-10 22:00 - 2017-01-10 22:00 - 00441156 _____ C:\Users\infamouspirate\Downloads\TRR_form_signed_copy.pdf
2017-01-10 15:07 - 2017-01-10 15:07 - 01243066 _____ C:\Users\infamouspirate\Desktop\h2020-wp1617-food_en.pdf
2017-01-09 17:45 - 2017-01-09 17:45 - 00169587 _____ C:\Users\infamouspirate\Downloads\FFL_H0975_BIL_212120_286954.PDF
2017-01-09 11:08 - 2017-01-09 11:08 - 00000279 _____ C:\Users\infamouspirate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-01-06 18:50 - 2017-01-06 18:50 - 00100231 _____ C:\Users\infamouspirate\Downloads\Boarding_Pass_BA0169_LHR_PVG_142.pdf
2017-01-06 18:50 - 2017-01-06 18:50 - 00059307 _____ C:\Users\infamouspirate\Downloads\Boarding_Pass_BA1305_ABZ_LHR_086.pdf
2017-01-03 13:50 - 2017-01-03 13:50 - 03880949 _____ C:\Users\infamouspirate\Downloads\Visualisation techniques to support public interpretation of future climate change and land use choices a case study from N E Scotland.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 18:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-02 18:31 - 2015-05-28 12:08 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\Akamai
2017-02-02 18:30 - 2016-09-27 17:46 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2017-02-02 18:30 - 2015-10-28 16:31 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\Oculus
2017-02-01 21:22 - 2016-11-26 21:00 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\CrashDumps
2017-02-01 21:21 - 2015-07-25 21:54 - 00005780 _____ C:\Users\infamouspirate\Desktop\New Text Document (2).txt
2017-02-01 20:49 - 2016-09-27 17:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-01 19:52 - 2015-03-13 00:16 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\Google
2017-02-01 19:52 - 2015-03-13 00:16 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-01 18:04 - 2016-09-27 17:51 - 00000000 ____D C:\Users\infamouspirate
2017-02-01 16:59 - 2016-09-27 18:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-01 16:59 - 2016-09-27 17:45 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-01 16:59 - 2016-01-19 16:28 - 00000670 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-48778301-2770824000-1803785223-1000.job
2017-02-01 16:59 - 2016-01-19 16:28 - 00000574 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-48778301-2770824000-1803785223-1000.job
2017-02-01 16:58 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-01 10:13 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-30 22:13 - 2016-09-27 18:37 - 00003844 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-48778301-2770824000-1803785223-1000
2017-01-30 22:13 - 2016-09-27 18:37 - 00003748 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-48778301-2770824000-1803785223-1000
2017-01-29 23:00 - 2016-09-27 17:42 - 05088120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-29 22:41 - 2015-03-13 21:56 - 00000000 ____D C:\Users\infamouspirate\AppData\LocalLow\Adobe
2017-01-29 22:27 - 2015-03-13 21:12 - 00000000 ____D C:\Users\infamouspirate\AppData\Local\Adobe
2017-01-29 22:26 - 2015-03-13 21:13 - 00000000 ____D C:\Users\infamouspirate\AppData\Roaming\Adobe
2017-01-29 22:25 - 2015-03-13 21:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-29 22:25 - 2015-03-13 21:13 - 00000000 ____D C:\ProgramData\Adobe
2017-01-29 22:09 - 2016-11-01 10:20 - 00000034 _____ C:\Users\infamouspirate\AppData\Roaming\AdobeWLCMCache.dat
2017-01-29 22:09 - 2015-03-13 21:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-29 20:21 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-29 20:21 - 2009-07-14 03:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-29 20:18 - 2016-09-28 11:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-29 20:17 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-29 15:44 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-29 15:10 - 2015-10-28 17:22 - 00000000 ____D C:\Users\infamouspirate\Documents\Visual Studio 2015
2017-01-27 21:10 - 2016-12-16 20:32 - 00003294 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 21:10 - 2015-08-06 13:40 - 00002428 _____ C:\Users\infamouspirate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 21:10 - 2015-08-06 13:40 - 00000000 ___RD C:\Users\infamouspirate\OneDrive
2017-01-22 13:45 - 2015-03-13 23:32 - 00000000 ____D C:\Program Files (x86)\Autodesk
2017-01-22 13:45 - 2015-03-13 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2017-01-22 13:45 - 2015-03-13 23:05 - 00000000 ____D C:\ProgramData\Autodesk
2017-01-22 12:35 - 2015-03-13 23:11 - 00000000 ____D C:\Program Files\Autodesk
2017-01-22 11:43 - 2016-12-04 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-22 11:43 - 2015-04-03 09:26 - 00000000 ____D C:\ProgramData\Oracle
2017-01-22 11:43 - 2015-04-03 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 11:43 - 2015-04-03 09:26 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-22 11:42 - 2016-12-04 19:55 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-22 11:42 - 2016-12-04 19:54 - 00000000 ____D C:\Program Files\Java
2017-01-22 11:41 - 2015-04-03 09:26 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-22 11:33 - 2016-04-29 13:13 - 00000000 ____D C:\Users\infamouspirate\AppData\Roaming\Autodesk
2017-01-13 13:48 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 21:14 - 2015-08-06 13:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 21:03 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 21:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 21:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 21:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 21:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 21:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-12 20:46 - 2015-03-13 00:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-12 20:40 - 2016-04-23 09:50 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 18:05 - 2015-10-15 10:53 - 00004678 _____ C:\Users\infamouspirate\Desktop\New Text Document (3).txt

==================== Files in the root of some directories =======

2016-11-01 10:20 - 2017-01-29 22:09 - 0000034 _____ () C:\Users\infamouspirate\AppData\Roaming\AdobeWLCMCache.dat
2016-06-19 21:29 - 2016-06-19 21:29 - 0000046 _____ () C:\Users\infamouspirate\AppData\Roaming\CoreAVC.ini
2016-12-07 17:27 - 2016-12-07 17:43 - 0001456 _____ () C:\Users\infamouspirate\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-29 20:23 - 2017-01-29 20:23 - 0020480 _____ () C:\Users\infamouspirate\AppData\Local\drippt.dll
2016-09-27 17:46 - 2016-09-27 17:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-11 10:52 - 2016-11-11 10:52 - 0010218 _____ () C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag

Some files in TEMP:
====================
2016-09-28 11:43 - 2016-02-23 06:10 - 0066496 _____ (Autodesk, Inc.) C:\Users\infamouspirate\AppData\Local\Temp\AcDeltree.exe
2017-01-29 22:29 - 2017-01-29 22:45 - 0009728 _____ () C:\Users\infamouspirate\AppData\Local\Temp\bassmod.dll
2016-09-28 08:53 - 2016-07-04 14:16 - 24689920 _____ (MSI                                                         ) C:\Users\infamouspirate\AppData\Local\Temp\Command Center.exe
2016-12-08 23:20 - 2016-08-10 13:25 - 0092536 _____ (ShenZhen Xunlei Networking Technologies,LTD) C:\Users\infamouspirate\AppData\Local\Temp\dl_peer_id.dll
2016-10-24 18:38 - 2016-10-24 18:38 - 0737856 _____ (Oracle Corporation) C:\Users\infamouspirate\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-22 11:39 - 2017-01-22 11:39 - 0739904 _____ (Oracle Corporation) C:\Users\infamouspirate\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-04-21 18:01 - 2016-03-19 02:47 - 0841248 _____ (NVIDIA Corporation) C:\Users\infamouspirate\AppData\Local\Temp\nvSCPAPI64.dll
2016-11-21 22:17 - 2016-03-19 02:47 - 0325176 _____ (NVIDIA Corporation) C:\Users\infamouspirate\AppData\Local\Temp\nvStInst.exe
2016-12-03 10:04 - 2016-12-03 10:04 - 0043520 ____N () C:\Users\infamouspirate\AppData\Local\Temp\proxy_vole4038439401747275332.dll
2016-12-11 09:18 - 2016-12-11 09:18 - 10592160 _____ (ShenZhen Thunder Networking Technologies,Ltd.) C:\Users\infamouspirate\AppData\Local\Temp\XLDapCodecsLite.exe
2016-12-08 23:20 - 2016-08-10 13:25 - 0225664 _____ (深圳市迅雷网络技术有限公司) C:\Users\infamouspirate\AppData\Local\Temp\XmpSetupHelper.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-31 02:28

==================== End of FRST.txt ============================


Edited by hamluis, 03 February 2017 - 08:34 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:47 PM

Posted 03 February 2017 - 10:18 AM

Duplicate topic.

I recently replied to your previous post.

Please do not create additional topic on this same issue. Reply in the other topic. This topic will be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users