
Getting Keylogged? Many accounts getting hacked and notifying me via email


  • This topic is locked
6 replies to this topic

#1 Kevin3310

Posted 07 April 2017 - 05:22 AM

Good evening,

I haven't done this in a while, so excuse me if I have done something improperly when posting this topic. It appears some malware is logging almost ALL my internet passwords. I've gotten an email every week or so that something has been hacked. I've had 2 credit card accounts, Facebook, Instagram, email, YouTube, eBay, and even a "Teamview account password change" (an account I've never made). And this may be irrelevant, but I'm also unable to search for files in my start menu or any Explorer windows. Here are my logs. If there's anything I can do, don't hesitate to ask!

 

Thank You.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Hong (administrator) on HONG-HP (07-04-2017 00:07:54)
Running from C:\Users\Hong\Desktop\Virus cleaning Crap
Loaded Profiles: Hong (Available Profiles: Hong & GuestUser & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\Hong\AppData\Local\FluxSoftware\Flux\flux.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Bonus.SSR.FR11] => C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [933640 2012-01-19] (ABBYY.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SilentCleanService] => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\...\Run: [f.lux] => C:\Users\Hong\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29642368 2016-09-12] (Skype Technologies S.A.)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KeyCrypt64(1).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2015-11-05] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KeyCrypt32(1).dll => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2015-11-05] (Zemana Ltd.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {b973655f-b823-3729-abea-e88cb316ddd4} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {a316141f-fa66-334c-8d40-a8f4e6d21080} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {a74ad9e8-37eb-31db-9026-8eda10d85860} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {c3de22fc-b307-320f-ba41-27d95101bbf3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-02-09]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-11-06]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{FAF90A6C-9B2F-4ACA-B4DB-3A460B93D35D}: [DhcpNameServer] 192.168.200.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {25F8E43D-2940-4725-9441-2662939B27A8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-11] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-11] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
 
FireFox:
========
FF ProfilePath: 04277665 [not found]
FF DefaultProfile: d0kc7ej2.default-1354911526196
FF DefaultProfile: a1c0q9sg.default
FF ProfilePath: C:\Users\Hong\AppData\Roaming\Mozilla\Firefox\Profiles\d0kc7ej2.default-1354911526196 [2017-04-06]
FF Extension: (Firefox Hotfix) - C:\Users\Hong\AppData\Roaming\Mozilla\Firefox\Profiles\d0kc7ej2.default-1354911526196\Extensions\firefox-hotfix@mozilla.org.xpi [2017-02-04]
FF Extension: (FF Secure) - C:\Users\Hong\AppData\Roaming\Mozilla\Firefox\Profiles\d0kc7ej2.default-1354911526196\Extensions\jid1-yhyb03AEVBwcGw@jetpack.xpi [2015-07-09] [not signed]
FF Extension: (EPUBReader) - C:\Users\Hong\AppData\Roaming\Mozilla\Firefox\Profiles\d0kc7ej2.default-1354911526196\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2017-03-06]
FF Extension: (Adblock Plus) - C:\Users\Hong\AppData\Roaming\Mozilla\Firefox\Profiles\d0kc7ej2.default-1354911526196\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-04]
FF ProfilePath: C:\Users\Hong\AppData\Roaming\Infogrid Pacific Pte. Ltd\AZARDI-2.0\Profiles\a1c0q9sg.default [2016-07-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-04] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2012-04-11] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3354874412-3115551999-2944501906-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Hong\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.facebook.com/
CHR Profile: C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Profile: C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-04-06]
CHR Profile: C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-02]
CHR Extension: (Adblock Plus) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-21]
CHR Extension: (uBlock Origin) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
CHR Profile: C:\Users\Hong\AppData\Local\Google\Chrome\User Data\System Profile [2017-04-06]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28768 2014-05-19] (Box, Inc.)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-01-18] (Fork, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-30] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-30] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-10] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-05-31] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-05-30] (Razer Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-09-20] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-27] (DT Soft Ltd)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-06-01] (Razer, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-07 00:05 - 2017-04-07 00:07 - 00000000 ____D C:\FRST
2017-04-06 23:58 - 2017-04-06 23:58 - 00000000 ____H C:\ProgramData\cm-lock
2017-04-06 03:24 - 2017-04-06 03:24 - 01669419 _____ C:\Users\Hong\Downloads\ssm.pdf
2017-04-05 14:32 - 2017-04-05 14:32 - 00000000 ____D C:\Users\Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2017-04-03 19:14 - 2017-04-03 19:14 - 00000000 ____D C:\Users\Hong\AppData\Local\{B56C5EBB-3ACC-492A-A024-E116D46445CE}
2017-04-02 15:34 - 2017-04-02 15:34 - 00036783 _____ C:\ComboFix.txt
2017-04-02 15:12 - 2017-04-02 15:13 - 00016286 _____ C:\TDSSKiller.3.1.0.12_02.04.2017_15.12.57_log.txt
2017-04-02 15:11 - 2017-04-02 15:12 - 00005072 _____ C:\TDSSKiller.3.1.0.12_02.04.2017_15.11.55_log.txt
2017-04-02 03:58 - 2017-04-02 03:58 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-04-02 03:58 - 2017-04-02 03:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-04-02 03:58 - 2017-04-02 03:58 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-04-02 03:54 - 2017-04-02 03:54 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-02 03:54 - 2017-04-02 03:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-02 03:53 - 2017-04-02 03:54 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-02 03:32 - 2017-04-02 03:32 - 00000000 ____D C:\Users\Hong\AppData\Local\Zemana
2017-04-02 03:32 - 2017-04-02 03:32 - 00000000 ____D C:\Users\Hong\AppData\Local\AntiLogger Free
2017-04-02 03:32 - 2017-04-02 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2017-04-02 03:32 - 2017-04-02 03:32 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2017-04-02 03:32 - 2017-04-02 03:32 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2017-04-02 03:32 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2017-04-02 03:23 - 2017-04-02 03:33 - 00000057 _____ C:\Users\Hong\Documents\document record.txt
2017-03-24 20:10 - 2017-03-24 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-24 19:21 - 2017-03-24 19:21 - 00000000 ____D C:\Users\GuestUser\AppData\Local\Dropbox
2017-03-24 01:59 - 2017-03-13 14:51 - 01663904 _____ (Malwarebytes) C:\Users\Hong\Desktop\JRT.exe
2017-03-24 01:58 - 2017-03-24 02:02 - 00219148 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_01.58.55_log.txt
2017-03-24 01:58 - 2017-03-24 01:58 - 00005164 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_01.58.08_log.txt
2017-03-24 01:57 - 2017-03-24 01:57 - 00000368 _____ C:\TDSSKiller.3.1.0.5_24.03.2017_01.57.00_log.txt
2017-03-23 01:20 - 2017-03-23 01:20 - 00000000 ____D C:\Windows\Trend Micro
2017-03-23 01:20 - 2017-03-23 01:20 - 00000000 ____D C:\ProgramData\Trend Micro
2017-03-23 01:17 - 2017-03-23 01:17 - 00000036 _____ C:\Users\Hong\AppData\Local\housecall.guid.cache
2017-03-23 01:17 - 2016-08-22 09:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-03-23 01:15 - 2017-03-23 01:15 - 00000000 ____D C:\Users\Hong\AppData\Local\ESET
2017-03-20 01:40 - 2014-08-28 16:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-03-20 01:40 - 2014-05-07 23:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-03-20 01:35 - 2017-03-20 01:35 - 00001198 _____ C:\Users\Public\Desktop\Duplicate File Detective 6.lnk
2017-03-20 01:35 - 2017-03-20 01:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate File Detective 6
2017-03-20 01:35 - 2017-03-20 01:35 - 00000000 ____D C:\ProgramData\Key Metric Software
2017-03-20 01:35 - 2017-03-20 01:35 - 00000000 ____D C:\Program Files\Key Metric Software
2017-03-20 01:33 - 2017-03-20 01:33 - 00000000 ____D C:\Users\Hong\AppData\Roaming\Key Metric Software
2017-03-20 01:31 - 2017-03-20 01:32 - 00000000 ____D C:\Users\Hong\Downloads\Duplicate File Detective 6.0.84 - UltraPrime
2017-03-20 00:56 - 2017-03-20 00:56 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-20 00:56 - 2017-03-20 00:56 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-19 20:36 - 2015-07-30 03:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-03-19 20:36 - 2015-07-30 03:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-03-19 20:23 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2017-03-19 20:04 - 2017-03-19 20:04 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-19 20:04 - 2017-03-19 20:04 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-19 20:04 - 2017-03-19 20:04 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2017-03-19 20:04 - 2017-03-19 20:04 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2017-03-19 20:04 - 2017-03-19 20:04 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-19 20:04 - 2017-03-19 20:04 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-19 20:04 - 2017-03-19 20:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-03-19 20:04 - 2017-03-19 20:04 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-03-19 20:04 - 2017-03-19 20:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2017-03-19 20:04 - 2017-03-19 20:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-03-19 20:04 - 2017-03-19 20:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-03-19 20:03 - 2017-03-19 20:04 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-19 20:03 - 2017-03-19 20:03 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-19 20:03 - 2017-03-19 20:03 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-19 20:03 - 2017-03-19 20:03 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-03-19 20:03 - 2017-03-19 20:03 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-19 20:03 - 2017-03-19 20:03 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-03-19 20:03 - 2017-03-19 20:03 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-19 20:03 - 2017-03-19 20:03 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-03-19 20:03 - 2017-03-19 20:03 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-03-19 20:03 - 2017-03-19 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-19 19:28 - 2013-10-01 16:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-03-19 19:28 - 2013-10-01 16:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-03-19 19:28 - 2013-10-01 16:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-03-19 19:28 - 2013-10-01 15:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-03-19 19:28 - 2013-10-01 15:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-03-19 19:28 - 2013-10-01 15:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-03-19 19:28 - 2013-10-01 15:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-03-19 19:28 - 2013-10-01 14:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-03-19 19:28 - 2013-10-01 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-03-19 19:28 - 2013-10-01 14:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-03-19 19:28 - 2013-10-01 14:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-03-19 19:28 - 2013-10-01 14:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-03-19 19:28 - 2013-10-01 13:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-03-19 19:28 - 2013-10-01 13:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-03-19 19:28 - 2013-10-01 13:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-03-19 19:28 - 2013-10-01 12:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-03-19 19:28 - 2013-10-01 10:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-03-19 19:28 - 2013-10-01 10:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-03-19 17:14 - 2012-08-23 04:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-03-19 17:14 - 2012-08-23 04:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-03-19 17:14 - 2012-08-23 04:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2017-03-19 17:14 - 2012-08-23 01:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-03-19 17:14 - 2012-08-23 00:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-03-19 15:42 - 2015-12-16 08:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-03-19 15:42 - 2015-12-16 08:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-03-19 15:42 - 2015-12-16 08:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-03-19 15:42 - 2015-12-16 08:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-03-19 15:42 - 2015-12-16 08:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-03-19 15:42 - 2015-12-16 08:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-03-19 15:42 - 2015-08-05 07:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-03-19 15:42 - 2015-08-05 07:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-03-19 14:38 - 2016-03-16 08:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-03-19 14:38 - 2016-03-16 08:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-03-19 14:38 - 2016-03-16 08:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-03-19 14:38 - 2016-02-02 08:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-03-19 14:38 - 2015-11-13 13:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-03-19 14:38 - 2015-11-13 13:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-03-19 14:38 - 2015-11-13 13:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-03-19 14:38 - 2015-11-13 12:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2017-03-19 14:38 - 2015-11-13 12:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2017-03-19 14:38 - 2015-11-13 12:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2017-03-19 14:38 - 2015-08-05 07:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-03-19 14:38 - 2015-06-01 14:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2017-03-19 14:38 - 2015-06-01 13:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2017-03-19 14:38 - 2015-04-12 17:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2017-03-19 14:37 - 2016-03-17 12:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-03-19 14:37 - 2016-03-17 12:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-03-19 14:37 - 2015-07-15 08:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2017-03-19 14:36 - 2016-06-25 14:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-03-19 14:36 - 2016-06-25 14:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-03-19 14:36 - 2016-06-25 14:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-03-19 14:36 - 2016-06-25 14:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-03-19 14:36 - 2016-06-25 09:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-03-19 14:36 - 2016-06-25 09:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-03-19 14:36 - 2016-06-25 09:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-03-19 14:36 - 2016-06-25 09:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-03-19 14:36 - 2016-01-20 14:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-03-19 14:36 - 2015-11-19 04:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-03-19 14:36 - 2015-11-19 04:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-03-19 14:36 - 2015-05-25 08:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-03-19 14:36 - 2015-05-25 08:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-03-19 14:36 - 2015-05-25 08:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-03-19 14:36 - 2015-05-25 08:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-03-19 14:36 - 2015-05-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-03-19 14:36 - 2015-05-25 08:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-03-19 14:36 - 2015-05-25 08:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-03-19 14:36 - 2015-05-25 08:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-03-19 14:36 - 2015-05-25 08:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-03-19 14:36 - 2015-05-25 08:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-03-19 14:36 - 2015-05-25 08:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-03-19 14:36 - 2015-05-25 08:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-03-19 14:36 - 2012-01-04 00:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2017-03-19 14:36 - 2012-01-03 22:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2017-03-19 14:35 - 2016-04-08 21:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-03-19 14:35 - 2016-04-08 21:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-03-19 14:35 - 2016-04-08 20:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-03-19 14:35 - 2016-02-12 08:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-03-19 14:35 - 2016-02-12 08:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-03-19 14:35 - 2016-02-12 08:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-03-19 14:35 - 2016-02-12 08:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-03-19 14:35 - 2016-02-12 08:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-03-19 14:35 - 2016-02-12 08:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-03-19 14:35 - 2016-02-12 08:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-03-19 14:35 - 2016-02-12 08:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-03-19 14:35 - 2016-02-12 08:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-03-19 14:35 - 2016-02-12 08:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-03-19 14:35 - 2016-02-12 08:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-03-19 14:35 - 2016-02-12 08:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-03-19 14:35 - 2016-02-12 08:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-03-19 14:35 - 2016-02-12 08:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-03-19 14:35 - 2016-02-12 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-03-19 14:35 - 2016-02-12 08:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-03-19 14:35 - 2016-01-11 09:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-03-19 14:35 - 2015-07-14 17:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-03-19 14:35 - 2015-07-09 07:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-03-19 14:35 - 2015-07-09 07:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2017-03-19 14:35 - 2015-07-09 07:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-03-19 14:35 - 2015-07-09 07:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2017-03-19 14:35 - 2015-01-28 17:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2017-03-19 14:35 - 2015-01-28 17:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2017-03-19 14:35 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2017-03-19 14:35 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2017-03-19 14:35 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2017-03-19 14:35 - 2014-07-08 16:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2017-03-19 14:35 - 2014-07-08 16:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2017-03-19 14:35 - 2014-07-08 15:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2017-03-19 14:35 - 2014-07-08 15:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2017-03-19 14:35 - 2014-07-08 15:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2017-03-19 14:35 - 2014-07-08 15:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2017-03-19 14:35 - 2014-07-08 15:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2017-03-19 14:35 - 2011-12-29 20:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2017-03-19 14:35 - 2011-12-29 19:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2017-03-19 14:34 - 2016-07-07 05:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-03-19 14:34 - 2016-07-07 05:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-03-19 14:34 - 2016-07-07 05:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-03-19 14:34 - 2016-07-07 05:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-03-19 14:34 - 2016-03-15 14:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-03-19 14:34 - 2016-03-15 14:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-03-19 14:34 - 2016-03-15 13:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-03-19 14:34 - 2016-02-05 08:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2017-03-19 14:34 - 2016-02-05 08:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-03-19 14:34 - 2016-02-05 07:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2017-03-19 14:34 - 2016-02-04 15:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-03-19 14:34 - 2016-02-04 08:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2017-03-19 14:34 - 2016-02-03 08:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2017-03-19 14:34 - 2015-11-11 08:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-03-19 14:34 - 2015-11-11 08:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-03-19 14:34 - 2015-11-11 08:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-03-19 14:34 - 2015-11-11 08:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-03-19 14:34 - 2015-11-05 09:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2017-03-19 14:34 - 2015-11-05 09:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2017-03-19 14:34 - 2015-11-04 23:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-03-19 14:34 - 2015-10-13 06:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-03-19 14:34 - 2015-10-13 06:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-03-19 14:34 - 2015-07-30 08:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-03-19 14:34 - 2015-07-30 07:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-03-19 14:34 - 2015-06-03 10:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-03-19 14:34 - 2015-04-24 08:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2017-03-19 14:34 - 2015-04-24 07:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2017-03-19 14:33 - 2015-10-29 07:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-03-19 14:33 - 2015-10-29 07:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2017-03-19 14:33 - 2015-10-29 07:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2017-03-19 14:33 - 2015-10-29 07:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2017-03-19 14:33 - 2015-10-29 07:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2017-03-19 14:33 - 2015-10-29 07:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-03-19 14:33 - 2015-10-29 07:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2017-03-19 14:33 - 2015-07-22 14:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-03-19 14:33 - 2015-07-22 07:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-03-19 14:32 - 2017-02-11 05:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-19 14:32 - 2017-02-11 05:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-19 14:32 - 2017-02-11 05:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-19 14:32 - 2017-02-10 06:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-19 14:32 - 2017-02-10 06:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-19 14:32 - 2017-02-10 06:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-19 14:32 - 2017-02-10 06:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-19 14:32 - 2017-02-10 04:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-19 14:32 - 2017-02-09 06:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-19 14:32 - 2017-02-09 06:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-19 14:32 - 2017-02-09 06:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-19 14:32 - 2017-02-09 06:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-19 14:32 - 2017-02-09 06:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-19 14:32 - 2017-02-09 06:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-19 14:32 - 2017-02-09 06:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-19 14:32 - 2017-02-09 06:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-19 14:32 - 2017-02-09 06:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 06:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-19 14:32 - 2017-02-09 06:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-19 14:32 - 2017-02-09 06:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-19 14:32 - 2017-02-09 06:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-19 14:32 - 2017-02-09 06:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-19 14:32 - 2017-02-09 05:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-19 14:32 - 2017-02-09 05:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-19 14:32 - 2017-02-09 05:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-19 14:32 - 2017-02-09 05:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-19 14:32 - 2017-02-09 05:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-19 14:32 - 2017-02-09 05:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-19 14:32 - 2017-02-09 05:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-19 14:32 - 2017-02-09 05:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-19 14:32 - 2017-02-09 05:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-19 14:32 - 2017-02-09 05:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-19 14:32 - 2017-02-09 05:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-19 14:32 - 2017-02-09 05:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-19 14:32 - 2017-02-09 05:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-19 14:32 - 2017-02-09 05:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-19 14:32 - 2017-02-09 05:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 05:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 05:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 05:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-19 14:32 - 2017-02-09 04:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-19 14:32 - 2017-02-09 04:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-19 14:32 - 2017-02-06 06:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-19 14:32 - 2017-01-13 08:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-19 14:32 - 2017-01-13 08:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-19 14:32 - 2017-01-13 07:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-19 14:32 - 2017-01-13 07:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-19 14:32 - 2017-01-11 08:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-19 14:32 - 2017-01-11 08:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-19 14:32 - 2017-01-11 07:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-19 14:32 - 2017-01-11 07:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-19 14:32 - 2017-01-06 08:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-19 14:32 - 2017-01-06 07:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-19 14:32 - 2016-11-21 08:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-03-19 14:32 - 2016-11-20 06:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-03-19 14:32 - 2016-11-20 04:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-03-19 14:32 - 2016-11-17 06:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-03-19 14:32 - 2016-11-10 06:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-03-19 14:32 - 2016-11-10 06:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-03-19 14:32 - 2016-11-09 06:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-03-19 14:32 - 2016-11-09 06:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-03-19 14:32 - 2016-11-09 06:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-03-19 14:32 - 2016-11-09 06:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-03-19 14:32 - 2016-11-09 06:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-03-19 14:32 - 2016-11-09 06:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-03-19 14:32 - 2016-11-09 06:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-03-19 14:32 - 2016-11-09 06:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-03-19 14:32 - 2016-11-09 06:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-03-19 14:32 - 2016-11-09 06:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-03-19 14:32 - 2016-11-09 06:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-03-19 14:32 - 2016-11-09 06:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-03-19 14:32 - 2016-11-09 06:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-03-19 14:32 - 2016-11-09 05:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-03-19 14:32 - 2016-11-02 05:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-03-19 14:32 - 2016-11-02 05:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-03-19 14:32 - 2016-11-02 05:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-03-19 14:32 - 2016-11-02 05:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-03-19 14:32 - 2016-11-02 05:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-03-19 14:32 - 2016-11-02 05:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-03-19 14:32 - 2016-11-02 05:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-03-19 14:32 - 2016-11-02 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-03-19 14:32 - 2016-11-02 05:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-03-19 14:32 - 2016-11-02 04:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-03-19 14:32 - 2016-10-11 05:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-03-19 14:32 - 2016-10-11 05:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-03-19 14:32 - 2016-10-11 05:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-03-19 14:32 - 2016-10-11 05:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-03-19 14:32 - 2016-10-11 05:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-03-19 14:32 - 2016-10-11 05:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-03-19 14:32 - 2016-10-11 05:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-03-19 14:32 - 2016-10-11 05:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-03-19 14:32 - 2016-10-11 05:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-03-19 14:32 - 2016-10-11 05:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-03-19 14:32 - 2016-10-11 05:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-03-19 14:32 - 2016-10-11 05:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-03-19 14:32 - 2016-10-11 05:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-03-19 14:32 - 2016-10-11 05:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-03-19 14:32 - 2016-10-11 05:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-03-19 14:32 - 2016-10-11 04:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-03-19 14:32 - 2016-10-11 03:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-03-19 14:32 - 2016-10-11 03:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-03-19 14:32 - 2016-10-11 03:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-03-19 14:32 - 2016-10-11 03:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-03-19 14:32 - 2016-10-08 03:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-03-19 14:32 - 2016-10-07 05:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-03-19 14:32 - 2016-10-07 05:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-03-19 14:32 - 2016-10-07 05:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-03-19 14:32 - 2016-10-07 05:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-03-19 14:32 - 2016-10-07 05:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-03-19 14:32 - 2016-10-07 05:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-03-19 14:32 - 2016-10-05 04:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-03-19 14:32 - 2016-10-04 05:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-03-19 14:32 - 2016-10-04 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-03-19 14:32 - 2016-10-04 05:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-03-19 14:32 - 2016-10-04 05:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-03-19 14:32 - 2016-10-04 05:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-03-19 14:32 - 2016-10-04 05:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-03-19 14:32 - 2016-10-04 05:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-03-19 14:32 - 2016-10-04 05:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-03-19 14:32 - 2016-09-15 04:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-03-19 14:32 - 2016-09-12 11:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-03-19 14:32 - 2016-09-12 10:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-03-19 14:32 - 2016-09-09 08:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-03-19 14:32 - 2016-09-09 08:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-03-19 14:32 - 2016-09-08 10:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-03-19 14:32 - 2016-09-08 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-03-19 14:32 - 2016-09-08 10:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-03-19 14:32 - 2016-09-08 10:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-03-19 14:32 - 2016-09-08 04:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-03-19 14:32 - 2016-09-08 04:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-03-19 14:32 - 2016-08-22 06:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-03-19 14:32 - 2016-08-12 07:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-03-19 14:32 - 2016-08-12 07:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-03-19 14:32 - 2016-08-12 07:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-03-19 14:32 - 2016-08-12 07:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-03-19 14:32 - 2016-08-12 07:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-03-19 14:32 - 2016-08-12 06:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-03-19 14:32 - 2016-08-12 06:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-03-19 14:32 - 2016-08-12 06:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-03-19 14:32 - 2016-08-12 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-03-19 14:32 - 2016-08-12 06:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-03-19 14:32 - 2016-08-12 06:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-03-19 14:32 - 2016-08-06 05:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-03-19 14:32 - 2016-08-06 05:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-03-19 14:32 - 2016-08-06 05:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-03-19 14:32 - 2016-08-06 05:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-03-19 14:32 - 2016-08-06 05:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-03-19 14:32 - 2016-08-06 05:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-03-19 14:32 - 2016-08-06 05:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-03-19 14:32 - 2016-08-06 05:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-03-19 14:32 - 2016-08-06 05:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-03-19 14:32 - 2016-08-06 05:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-03-19 14:32 - 2016-08-06 05:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-03-19 14:32 - 2016-08-06 05:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-03-19 14:32 - 2016-08-06 05:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-03-19 14:32 - 2016-08-06 04:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-03-19 14:32 - 2016-08-06 04:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-03-19 14:32 - 2016-08-06 04:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-03-19 14:32 - 2016-06-14 07:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-03-19 14:32 - 2016-06-14 07:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-03-19 14:32 - 2016-06-14 07:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-03-19 14:32 - 2016-06-14 07:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-03-19 14:32 - 2016-06-14 05:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-03-19 14:32 - 2016-06-14 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-03-19 14:32 - 2016-06-14 05:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-03-19 14:32 - 2016-06-14 05:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-03-19 14:32 - 2016-06-14 05:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-03-19 14:32 - 2016-06-14 05:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-03-19 14:32 - 2016-06-14 05:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-03-19 14:32 - 2016-06-14 05:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-03-19 14:32 - 2016-06-14 05:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-03-19 14:32 - 2016-05-12 03:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-03-19 14:32 - 2016-05-12 03:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-03-19 14:32 - 2016-03-23 12:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-03-19 14:31 - 2016-05-11 07:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-03-19 14:31 - 2015-07-09 07:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-03-19 14:31 - 2015-07-09 07:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-03-19 14:31 - 2015-07-09 07:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2017-03-19 14:31 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-03-19 14:31 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-03-19 14:30 - 2017-02-22 13:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-19 14:30 - 2017-02-22 13:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-19 14:30 - 2017-02-18 04:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-19 14:30 - 2017-02-18 04:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-19 14:30 - 2016-12-31 05:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-19 14:30 - 2016-12-31 05:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-19 14:30 - 2016-12-31 05:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-19 14:30 - 2016-12-31 05:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-19 14:30 - 2016-12-31 05:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-19 14:30 - 2016-08-29 05:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-03-19 14:30 - 2016-08-29 05:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-03-19 14:30 - 2016-08-29 05:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-03-19 14:30 - 2016-08-29 05:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-03-19 14:30 - 2016-08-29 05:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-03-19 14:30 - 2016-08-29 04:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-03-19 14:30 - 2016-05-12 07:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-03-19 14:30 - 2016-05-12 07:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-03-19 14:30 - 2016-05-12 07:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-03-19 14:30 - 2016-05-12 07:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-03-19 14:30 - 2016-05-12 07:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-03-19 14:30 - 2016-05-12 07:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-03-19 14:30 - 2016-05-12 05:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-03-19 14:30 - 2016-05-12 05:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-03-19 14:30 - 2016-05-12 05:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-03-19 14:30 - 2016-05-12 05:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-03-19 14:30 - 2016-05-11 05:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-03-19 14:30 - 2016-04-14 03:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-03-19 14:30 - 2016-04-14 03:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-03-19 14:30 - 2016-03-23 12:40 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-03-19 14:30 - 2016-02-08 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-03-19 14:30 - 2015-12-08 11:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-03-19 14:30 - 2015-12-08 11:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2017-03-19 14:30 - 2015-12-08 11:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2017-03-19 14:30 - 2015-12-08 11:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2017-03-19 14:30 - 2015-12-08 11:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-03-19 14:30 - 2015-12-08 11:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-03-19 14:30 - 2015-12-08 11:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-03-19 14:30 - 2015-12-08 11:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2017-03-19 14:30 - 2015-12-08 11:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-03-19 14:30 - 2015-12-08 11:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2017-03-19 14:30 - 2015-12-08 11:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-03-19 14:30 - 2015-12-08 09:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-03-19 14:30 - 2015-12-08 09:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2017-03-19 14:30 - 2015-12-08 09:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-03-19 14:30 - 2015-12-08 08:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-03-19 14:30 - 2015-12-08 08:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2017-03-19 14:30 - 2015-12-08 08:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2017-03-19 14:30 - 2015-08-27 08:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-03-19 14:30 - 2015-08-27 08:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2017-03-19 14:30 - 2015-08-27 07:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-03-19 14:30 - 2015-08-27 07:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2017-03-19 14:30 - 2015-04-10 17:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2017-03-19 14:30 - 2015-02-24 17:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-03-19 14:30 - 2012-08-21 11:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2017-03-19 14:30 - 2012-07-06 10:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2017-03-19 14:29 - 2016-05-11 07:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-03-19 14:29 - 2016-05-11 07:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-03-19 14:29 - 2016-05-11 07:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-03-19 14:29 - 2016-05-11 05:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-03-19 14:29 - 2016-05-11 05:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-03-19 14:29 - 2016-05-11 05:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-03-19 14:29 - 2016-05-11 05:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-03-19 14:29 - 2016-05-11 05:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-03-19 14:29 - 2016-05-11 04:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-03-19 14:29 - 2016-03-09 08:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-03-19 14:29 - 2016-03-09 08:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-03-19 14:29 - 2016-01-21 20:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-03-19 14:29 - 2016-01-21 20:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-03-19 14:29 - 2016-01-21 20:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-03-19 14:29 - 2016-01-21 20:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2017-03-19 14:29 - 2015-10-12 18:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-03-19 14:29 - 2012-03-16 21:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2017-03-19 14:28 - 2016-04-08 18:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-03-19 14:28 - 2016-04-08 17:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-03-19 14:28 - 2016-03-09 09:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-03-19 14:28 - 2016-03-09 08:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-03-19 14:28 - 2015-11-03 09:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-03-19 14:28 - 2015-11-03 08:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2017-03-19 14:28 - 2015-03-03 18:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2017-03-19 14:28 - 2015-03-03 18:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2017-03-19 14:28 - 2015-02-03 17:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-03-19 14:28 - 2015-02-03 16:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-03-19 14:03 - 2012-02-16 20:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-03-19 14:03 - 2012-02-16 19:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-03-19 14:03 - 2012-02-16 18:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2017-03-11 23:15 - 2017-03-11 23:16 - 00000000 ____D C:\Users\Hong\Downloads\Flash
2017-03-11 22:56 - 2017-03-18 17:33 - 00000000 ____D C:\Users\Hong\Downloads\Walking Dead
2017-03-10 13:17 - 2017-03-10 13:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-10 13:17 - 2017-03-10 13:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-10 13:17 - 2017-03-10 13:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-10 13:17 - 2017-03-10 13:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-03-08 22:12 - 2017-03-08 22:27 - 842430867 _____ C:\Users\Hong\Downloads\The.40.Year.Old.Virgin.Unrated.2005.720p.BluRay.x264.YIFY.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-07 00:07 - 2015-01-15 19:52 - 00000000 ____D C:\Users\Hong\Desktop\Virus cleaning Crap
2017-04-07 00:07 - 2009-07-13 18:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-07 00:07 - 2009-07-13 18:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-07 00:00 - 2012-12-25 21:11 - 00000000 ____D C:\Users\Hong\AppData\Roaming\Skype
2017-04-06 23:58 - 2016-08-30 00:41 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-06 23:57 - 2016-04-15 12:56 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHong.job
2017-04-06 23:57 - 2009-07-13 19:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 23:52 - 2016-08-30 00:41 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-06 23:52 - 2012-04-02 18:11 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354874412-3115551999-2944501906-1002UA.job
2017-04-06 15:20 - 2012-03-23 19:39 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4642BBF7-B6F8-40E8-A50E-B0239BACF030}
2017-04-06 13:30 - 2017-01-09 23:11 - 00000000 ____D C:\Users\Hong\Desktop\Spring 2017
2017-04-06 13:27 - 2012-04-02 18:11 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3354874412-3115551999-2944501906-1002Core.job
2017-04-06 02:51 - 2012-04-11 01:25 - 00000000 ____D C:\Users\Hong\AppData\Roaming\vlc
2017-04-06 01:50 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\inf
2017-04-05 20:25 - 2009-07-13 19:13 - 00785624 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-05 06:55 - 2016-04-15 12:56 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHong
2017-04-05 00:20 - 2016-05-05 04:52 - 00000000 ____D C:\Users\Hong\Desktop\Bernini
2017-04-03 20:27 - 2014-07-01 23:16 - 00000000 ____D C:\Users\Hong\Desktop\temp download
2017-04-03 19:52 - 2016-07-31 12:14 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-03 19:52 - 2016-07-31 12:14 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-02 22:41 - 2012-03-24 02:11 - 00000000 ____D C:\Windows\SHELLNEW
2017-04-02 15:34 - 2015-01-15 19:55 - 00000000 ____D C:\Qoobox
2017-04-02 15:30 - 2009-07-13 16:34 - 00000215 _____ C:\Windows\system.ini
2017-04-02 15:14 - 2015-01-15 19:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-02 15:12 - 2015-01-15 19:58 - 00000000 ____D C:\AdwCleaner
2017-04-02 15:11 - 2017-01-06 15:57 - 00005612 _____ C:\Users\Hong\Desktop\Rkill.txt
2017-04-02 13:38 - 2013-10-26 10:54 - 00000000 ____D C:\Users\Hong\Downloads\Joe Rogan Podcasts
2017-03-24 20:10 - 2016-08-30 00:41 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 19:54 - 2007-01-01 15:25 - 00000000 ____D C:\Windows\Panther
2017-03-24 19:46 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-24 19:22 - 2013-04-21 18:56 - 00000000 ____D C:\Users\GuestUser\AppData\Roaming\hpqLog
2017-03-24 19:20 - 2013-04-21 18:56 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE6ADEC9-C74D-4FDD-B1D8-E69EFEB35C30}
2017-03-24 16:36 - 2016-01-03 01:03 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-03-24 02:02 - 2012-11-30 11:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-03-24 01:55 - 2016-02-08 21:45 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-23 10:21 - 2012-10-25 03:03 - 00000000 ____D C:\ProgramData\sozbhzsbnxxdled
2017-03-20 17:11 - 2012-10-24 20:26 - 00777898 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-20 10:04 - 2012-04-14 13:02 - 00000000 ____D C:\Users\Hong\AppData\Local\CrashDumps
2017-03-20 09:29 - 2015-04-08 21:13 - 00000000 ____D C:\Users\Hong\AppData\Local\Windows Live
2017-03-20 03:21 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-20 02:30 - 2016-05-17 00:24 - 00000000 ____D C:\Users\Hong\AppData\Roaming\iMazing
2017-03-20 02:20 - 2017-01-20 16:21 - 00000000 ____D C:\Users\Hong\Downloads\Goodfellas (1990)
2017-03-20 02:20 - 2016-11-06 22:57 - 00000000 ____D C:\Users\Hong\Downloads\The Shawshank Redemption (1994)
2017-03-20 02:20 - 2016-06-20 10:09 - 00000000 ____D C:\Users\Hong\Downloads\Jurassic World (2015)
2017-03-20 02:20 - 2016-05-23 14:38 - 00000000 ____D C:\Users\Hong\Downloads\Step Up (2006)
2017-03-20 02:20 - 2016-04-01 07:49 - 00000000 ____D C:\Users\Hong\Downloads\Despicable Me (2010)
2017-03-20 02:20 - 2016-03-09 20:51 - 00000000 ____D C:\Users\Hong\Downloads\The Dark Knight (2008)
2017-03-20 02:20 - 2016-03-04 23:49 - 00000000 ____D C:\Users\Hong\Downloads\Starship Troopers (1997) [1080p]
2017-03-20 02:20 - 2016-03-02 13:48 - 00000000 ____D C:\Users\Hong\Downloads\The Departed (2006)
2017-03-20 02:20 - 2016-02-05 21:21 - 00000000 ____D C:\Users\Hong\Downloads\Captain America The Winter Soldier (2014) [1080p]
2017-03-20 02:20 - 2016-01-03 16:31 - 00000000 ____D C:\Users\Hong\Downloads\Pitch Perfect 2 (2015) [1080p]
2017-03-20 02:20 - 2015-11-27 21:40 - 00000000 ____D C:\Users\Hong\Downloads\Hotel Transylvania (2012)
2017-03-20 02:20 - 2015-10-09 19:20 - 00000000 ____D C:\Users\Hong\Downloads\Limitless (2011)
2017-03-20 02:20 - 2015-08-29 15:46 - 00000000 ____D C:\Users\Hong\Downloads\The Maze Runner (2014)
2017-03-20 02:20 - 2015-07-20 20:03 - 00000000 ____D C:\Users\Hong\Downloads\Slumdog Millionaire (2008) [1080p]
2017-03-20 02:20 - 2015-07-05 20:04 - 00000000 ____D C:\Users\Hong\Downloads\Scarface (1983) [1080p]
2017-03-20 02:20 - 2015-05-09 21:47 - 00000000 ____D C:\Users\Hong\Downloads\Star Trek Into Darkness (2013) [1080p]
2017-03-20 02:20 - 2015-04-11 21:07 - 00000000 ____D C:\Users\Hong\Downloads\Furious 6 (2013) [1080p]
2017-03-20 02:20 - 2014-12-19 10:32 - 00000000 ____D C:\Users\Hong\Downloads\How to Train Your Dragon 2 (2014)
2017-03-20 02:20 - 2014-08-23 03:37 - 00000000 ____D C:\Users\Hong\Downloads\Shutter Island (2010) [1080p]
2017-03-20 02:20 - 2014-08-01 22:37 - 00000000 ____D C:\Users\Hong\Downloads\Lilo and Stitch (2002) [1080p]
2017-03-20 02:20 - 2014-07-23 22:16 - 00000000 ____D C:\Users\Hong\Downloads\Monsters University (2013)
2017-03-20 02:20 - 2014-07-23 20:28 - 00000000 ____D C:\Users\Hong\Downloads\Ratatouille (2007) [1080p]
2017-03-20 02:20 - 2014-07-16 19:25 - 00000000 ____D C:\Users\Hong\Downloads\Monsters Inc (2001)
2017-03-20 02:20 - 2014-07-16 19:22 - 00000000 ____D C:\Users\Hong\Downloads\American Gangster (2007) UNRATED
2017-03-20 02:20 - 2014-07-09 19:21 - 00000000 ____D C:\Users\Hong\Downloads\Finding Nemo (2003)
2017-03-20 02:20 - 2014-07-08 23:02 - 00000000 ____D C:\Users\Hong\Downloads\Star Wars Episode III Revenge of the Sith (2005) [1080p]
2017-03-20 02:20 - 2014-07-02 13:25 - 00000000 ____D C:\Users\Hong\Downloads\Horrible Bosses (2011)
2017-03-20 02:20 - 2014-06-24 23:29 - 00000000 ____D C:\Users\Hong\Downloads\Star Wars Episode II Attack of the Clones (2002) [1080p]
2017-03-20 02:20 - 2014-06-19 22:38 - 00000000 ____D C:\Users\Hong\Downloads\Star Wars Episode VI Return of the Jedi (1983) [1080p]
2017-03-20 02:20 - 2014-06-17 12:42 - 00000000 ____D C:\Users\Hong\Downloads\How To Train Your Dragon (2010) [1080p]
2017-03-20 02:20 - 2014-06-16 17:42 - 00000000 ____D C:\Users\Hong\Downloads\Star Wars Episode V The Empire Strikes Back (1980) [1080p]
2017-03-20 02:20 - 2014-06-08 19:45 - 00000000 ____D C:\Users\Hong\Downloads\Star Wars Episode IV A New Hope (1977) [1080p]
2017-03-20 02:20 - 2014-05-19 19:59 - 00000000 ____D C:\Users\Hong\Downloads\Silver Linings Playbook (2012)
2017-03-20 02:20 - 2014-04-16 21:32 - 00000000 ____D C:\Users\Hong\Downloads\The Wolverine (2013)
2017-03-20 02:20 - 2014-01-05 20:26 - 00000000 ____D C:\Users\Hong\Downloads\Reservoir Dogs (1992) [1080p]
2017-03-20 02:20 - 2014-01-02 16:36 - 00000000 ____D C:\Users\Hong\Downloads\The Rundown (2003)
2017-03-20 02:20 - 2013-12-30 16:36 - 00000000 ____D C:\Users\Hong\Downloads\Beauty and the Beast (1991)
2017-03-20 02:20 - 2013-08-24 12:12 - 00000000 ____D C:\Users\Hong\Downloads\Star Trek (2009) [1080p]
2017-03-20 02:20 - 2013-08-24 12:11 - 00000000 ____D C:\Users\Hong\Downloads\50 First Dates (2004) [1080p]
2017-03-20 02:20 - 2013-06-02 20:40 - 00000000 ____D C:\Users\Hong\Downloads\Jurassic Park (1993) [1080p]
2017-03-20 02:20 - 2013-03-12 00:47 - 00000000 ____D C:\Users\Hong\Downloads\Blood Diamond (2006) [1080p]
2017-03-20 02:20 - 2012-12-31 22:35 - 00000000 ____D C:\Users\Hong\Downloads\Pulp Fiction (1994)
2017-03-20 02:20 - 2012-07-09 13:21 - 00000000 ____D C:\Users\Hong\Downloads\Toy Story (1995)
2017-03-20 01:32 - 2015-06-23 23:09 - 00000000 ____D C:\Users\Hong\AppData\Roaming\qBittorrent
2017-03-20 01:14 - 2016-07-31 12:08 - 00001417 _____ C:\Users\Hong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-20 01:06 - 2016-02-11 22:09 - 00425152 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-20 00:58 - 2009-07-13 19:32 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-20 00:58 - 2009-07-13 19:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-20 00:58 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\tracing
2017-03-20 00:58 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-03-20 00:58 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\system32\Dism
2017-03-20 00:58 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-03-20 00:58 - 2009-07-13 17:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-20 00:58 - 2009-07-13 17:20 - 00000000 ____D C:\Program Files\Common Files\System
2017-03-20 00:57 - 2009-07-13 19:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-19 17:35 - 2015-04-01 10:42 - 00000000 ____D C:\Windows\system32\MRT
2017-03-19 17:22 - 2015-04-01 10:42 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-13 23:47 - 2014-01-02 09:05 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-13 23:47 - 2014-01-02 09:05 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-13 23:47 - 2014-01-02 09:05 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-13 23:47 - 2012-03-24 02:49 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-13 23:47 - 2011-10-25 18:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-09 13:24 - 2016-08-30 00:41 - 00000000 ____D C:\Users\Hong\AppData\Local\Dropbox
2017-03-09 03:01 - 2016-03-23 04:52 - 00000000 ____D C:\Users\Hong\AppData\Roaming\MPC-HC
 
==================== Files in the root of some directories =======
 
2017-03-23 01:17 - 2017-03-23 01:17 - 0000036 _____ () C:\Users\Hong\AppData\Local\housecall.guid.cache
2012-12-08 01:52 - 2014-04-27 15:30 - 0007602 ____R () C:\Users\Hong\AppData\Local\Resmon.ResmonCfg
2015-03-13 17:48 - 2015-03-13 17:48 - 0000000 ____R () C:\Users\Hong\AppData\Local\{80E69BF4-AD44-43CB-94D0-74DB71FFFDE1}
2016-04-10 23:46 - 2016-04-10 23:46 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-04-06 23:58 - 2017-04-06 23:58 - 0000000 ____H () C:\ProgramData\cm-lock
2012-10-25 03:01 - 2012-10-25 03:03 - 0097642 _____ () C:\ProgramData\padyuguebiooynr
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-08-26 16:02
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:17 AM

Posted 08 April 2017 - 08:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy\User: Restriction <======= ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF ProfilePath: 04277665 [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please post the Fixlog and let me know what problem persists with this computer.
I also need to see the Addition.txt file that was created by the Farbar tool. Please copy the contents and paste it in your next reply.

===
p.s.

If not already done, reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

#3 Kevin3310

Posted 08 April 2017 - 06:13 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Hong (08-04-2017 12:52:39) Run:1
Running from C:\Users\Hong\Desktop\Virus cleaning Crap
Loaded Profiles: Hong (Available Profiles: Hong & GuestUser & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy\User: Restriction <======= ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2016-05-11] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF ProfilePath: 04277665 [not found]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Hong\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\AIPS => key removed successfully
AIPS => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::25db:7ea7:b426:1a59%11
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : gateway.ht.net
   Link-local IPv6 Address . . . . . : fe80::25db:7ea7:b426:1a59%11
   IPv4 Address. . . . . . . . . . . : 192.168.200.66
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.200.1
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv4 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6397112 B
Java, Flash, Steam htmlcache => 125107148 B
Windows/system/drivers => 12354 B
Edge => 0 B
Chrome => 248499794 B
Firefox => 11315606 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1411795 B
systemprofile32 => 57458081 B
LocalService => 51849096 B
NetworkService => 0 B
Hong => 17906092 B
GuestUser => 114531 B
Guest => 85151 B
 
RecycleBin => 672115306 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:59:24 ====
 
 
So I guess we'll see if I get any weird emails of me being hacked? Also this may be a Windows problem but I can't search for any files within my computer. But the main problem is the keylogging I'm getting so that is the important thing here. I will reset my router.
 
Thank You!
 


#4 nasdaq

Posted 09 April 2017 - 07:36 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002_Classes\CLSID\{D7D3CA0B-DD16-ADAF-39E4-66FD70ED6DE02}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002_Classes\CLSID\{DB342E32-06DC-9BE7-849D-FE79405BDB865}\InprocServer32 -> 0x505C52596EA1D20180D152596EA1D201010000000200000000000000 => No File
Task: {B94D2E89-4315-411C-9FBB-C211A9E9EFED} - System32\Tasks\{57885F01-1DF5-44B6-9312-A6B93E8918DD} => Chrome.exe hxxp://ui.skype.com/ui/0/5.5.0.117.324/en/go/help.faq.installer?LastError=1603
AlternateDataStreams: C:\ProgramData\Temp:0A4A3F5A [110]
FirewallRules: [{BF84B5A5-7DB6-4D84-B809-1265BD82B415}] => (Allow) C:\Users\Hong\AppData\Local\WikiBrowser\Application\wikibrowser.exe
C:\Users\Hong\AppData\Local\WikiBrowser\Application\wikibrowser.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
===
 

Also this may be a Windows problem but I can't search for any files within my computer.

Try the suggestions on this page.
http://www.thewindowsclub.com/fix-repair-broken-windows-search-windows-7-easily
===

Consider also running this AntiRootkit program.

Please download Anti-Rootkit BETA from https://www.malwarebytes.com/antirootkit and save it to your Desktop.
  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Please copy and paste the entire content of that log in your next reply;
===
Please let me know what problem persists with this computer.

#5 Kevin3310

Posted 12 April 2017 - 12:53 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Hong (09-04-2017 10:22:40) Run:2
Running from C:\Users\Hong\Desktop\Virus cleaning Crap
Loaded Profiles: Hong (Available Profiles: Hong & GuestUser & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CustomCLSID: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002_Classes\CLSID\{D7D3CA0B-DD16-ADAF-39E4-66FD70ED6DE02}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3354874412-3115551999-2944501906-1002_Classes\CLSID\{DB342E32-06DC-9BE7-849D-FE79405BDB865}\InprocServer32 -> 0x505C52596EA1D20180D152596EA1D201010000000200000000000000 => No File
Task: {B94D2E89-4315-411C-9FBB-C211A9E9EFED} - System32\Tasks\{57885F01-1DF5-44B6-9312-A6B93E8918DD} => Chrome.exe hxxp://ui.skype.com/ui/0/5.5.0.117.324/en/go/help.faq.installer?LastError=1603
AlternateDataStreams: C:\ProgramData\Temp:0A4A3F5A [110]
FirewallRules: [{BF84B5A5-7DB6-4D84-B809-1265BD82B415}] => (Allow) C:\Users\Hong\AppData\Local\WikiBrowser\Application\wikibrowser.exe
C:\Users\Hong\AppData\Local\WikiBrowser\Application\wikibrowser.exe
 
EndSave the file as fixlist.txt in the same folder where the Farbar tool is runnin
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002_Classes\CLSID\{D7D3CA0B-DD16-ADAF-39E4-66FD70ED6DE02} => key removed successfully
HKU\S-1-5-21-3354874412-3115551999-2944501906-1002_Classes\CLSID\{DB342E32-06DC-9BE7-849D-FE79405BDB865} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B94D2E89-4315-411C-9FBB-C211A9E9EFED} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B94D2E89-4315-411C-9FBB-C211A9E9EFED} => key removed successfully
C:\Windows\System32\Tasks\{57885F01-1DF5-44B6-9312-A6B93E8918DD} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{57885F01-1DF5-44B6-9312-A6B93E8918DD} => key removed successfully
C:\ProgramData\Temp => ":0A4A3F5A" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BF84B5A5-7DB6-4D84-B809-1265BD82B415} => value not found.
"C:\Users\Hong\AppData\Local\WikiBrowser\Application\wikibrowser.exe" => not found.
EndSave the file as fixlist.txt in the same folder where the Farbar tool is runnin => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1946214 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6468 B
Edge => 0 B
Chrome => 243068120 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Hong => 625872 B
GuestUser => 0 B
Guest => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 242.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:25:07 ====
 
 
 
 
 
I have updated Java.
 
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.04.09.05
  rootkit: v2017.04.02.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17843
Hong :: HONG-HP [administrator]
 
4/9/2017 11:11:26 AM
mbar-log-2017-04-09 (11-11-26).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 399293
Time elapsed: 1 hour(s), 9 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
The link you sent me to fix my searching problem leads to a dead link. But I have tried "Rebuilding" my index to no avail. But don't worry about the search problem. So far I haven't received any weird emails of me being hacked yet.
 
Thank you
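Added example, not part of any post in this thread and not FRST code: a small triage script for Fixlogs like the two posted above. It reads only the `target => outcome` result lines, skipping the echoed fixlist (which also contains `=>`), command output and the EmptyTemp size table. The sample log is constructed from lines in this thread, and the three outcome categories are an assumption about how to group the wording.

```python
import re
from collections import Counter

# Constructed sample, assembled from lines that appear in the Fixlogs in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
==============================================

fixlist content:
*****************
Start
CloseProcesses:
FirewallRules: [{BF84B5A5-7DB6-4D84-B809-1265BD82B415}] => (Allow) C:\Users\Hong\AppData\Local\WikiBrowser\Application\wikibrowser.exe
EndSave the file as fixlist.txt in the same folder where the Farbar tool is runnin
*****************

Processes closed successfully.
AIPS => service removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
C:\ProgramData\Temp => ":0A4A3F5A" ADS removed successfully.
"C:\Users\Hong\AppData\Local\WikiBrowser\Application\wikibrowser.exe" => not found.
EndSave the file as fixlist.txt in the same folder where the Farbar tool is runnin => Error: No automatic fix found for this entry.

========= ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

Chrome => 243068120 B
EmptyTemp: => 242.3 MB temporary data Removed.

==== End of Fixlog 10:25:07 ====
'''

STAR_RE = re.compile(r"^\*{5,}$")        # delimiters around the echoed fixlist
SECTION_RE = re.compile(r"^=+ .+ =+$")   # "========= <command> =========" banners


def classify(outcome):
    """Group an outcome string (assumed categories, based on wording seen above)."""
    text = outcome.lower()
    if text.startswith("error"):
        return "error"        # the tool could not interpret the fixlist line
    if "not found" in text:
        return "not_found"    # nothing to fix: the item was already gone
    if "successfully" in text:
        return "done"         # removed / moved / restored
    return "other"


def parse_fixlog(text):
    """Return (category, target, outcome) for each result line of a Fixlog."""
    results, stars_seen, in_cmd = [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if STAR_RE.match(line):
            stars_seen += 1
            continue
        if stars_seen < 2:
            continue          # header and echoed fixlist are input, not results
        if line.startswith("=") and "EmptyTemp:" in line:
            break             # what follows is a size table, not fix results
        if SECTION_RE.match(line):
            in_cmd = "End of CMD:" not in line
            continue
        if in_cmd or " => " not in line:
            continue
        # rpartition: a failed fixlist line may itself contain "=>"
        target, _, outcome = line.rpartition(" => ")
        results.append((classify(outcome), target, outcome))
    return results


def summarize(results):
    """Count result lines per category."""
    return dict(Counter(kind for kind, _, _ in results))


def needs_review(results):
    """Entries that did not apply cleanly and deserve a second look."""
    return [(kind, target) for kind, target, _ in results if kind != "done"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for kind, target in needs_review(parsed):
        print(f"{kind:10} {target}")
```

On the sample, the `error` entry is the mis-pasted `End` line from the second fixlist, and the `not_found` entries are items that were already absent when the fix ran.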

 



#6 nasdaq

Posted 12 April 2017 - 09:35 AM




The link I provided for the Windows search is good. However my AdBlocker is blocking it.

Try this.
https://answers.microsoft.com/en-us/windows/forum/windows_7-files/windows-7-search-does-not-work-for-documents/9f82fb0b-eb28-4c07-9130-b0b3944818dd

===



If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#7 Kevin3310

Posted 14 April 2017 - 05:42 AM

Unfortunately that fix did not work. But it's okay I'll live!

 

Thank you for those safety links. Are there any free anti-virus programs that you'd recommend or that people on this forum recommend across the board?

 

Anyways Thank you for your time! I'll PM you or bump this topic if anything fishy occurs!





