Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Explorer Phishing for bank info


  • This topic is locked This topic is locked
4 replies to this topic

#1 goober_van

goober_van

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:39 PM

Posted 03 June 2017 - 01:43 AM

Hello,

 

I have an interesting problem. When I start up Internet Explorer and go to my banks website and login in it starts to retrieve my banking info and suddenly blanks out and says loading information. After a couple of seconds a message comes up asking for all the security question answers. The page looks very legit but I know it isn't because if I do the same on another computer it asks for the answer to one of the security questions and I get into my banking info right away. Here is the FRST.txt info

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-06-2017
Ran by SUSAN (administrator) on SUSAN-THINK (02-06-2017 23:17:51)
Running from C:\Users\SUSAN\Downloads
Loaded Profiles: SUSAN (Available Profiles: SUSAN)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Windows\SysWOW64\SecUPDUtilSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intuit Canada ULC.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289648 2012-05-24] (Lenovo Group Limited)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5367192 2017-04-06] (Box, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Power Manager Startup Utility] => C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe [23352 2012-02-22] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-11-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [STO Backup Service] => C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe [199800 2012-09-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [STO Launcher Service] => C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe [405624 2012-09-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\...\Run: [comrr_35] => rundll32 "C:\Users\SUSAN\AppData\Roaming\Microsoft\Cmifprxy\Audiprx6.dll",DllRegisterServer
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\...\MountPoints2: {e59cf744-e3c5-11e5-981c-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\...\MountPoints2: {e59cf74f-e3c5-11e5-981c-806e6f6e6963} - E:\setup.exe
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {b1fa9e01-7517-3f4c-a33f-fdd93b2efbac} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {dd83d621-d900-3610-a9d0-1c6be1df90c8} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {b7ab37bd-fa8d-36e9-95c1-bd0047047a8f} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {e04571d0-2dee-3072-ac0e-0f0d1cd77a77} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {74de99c4-7ea6-3e59-b118-1a4e7bb95bf8} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-03-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{79483BCC-FD85-455F-92A4-C5EA81413035}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1313929994-3195920268-994555279-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA682
SearchScopes: HKU\S-1-5-21-1313929994-3195920268-994555279-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA682
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll [2012-04-19] (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll [2012-04-19] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-1313929994-3195920268-994555279-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2010-04-23] (Intuit, Inc.)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: (Symantec VIP Access Add-On) - C:\Program Files (x86)\Symantec\VIP Access Client [2012-12-12] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1313929994-3195920268-994555279-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR StartupUrls: Default -> "hxxp://www.google.ca/"
CHR Profile: C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default [2017-06-02]
CHR Extension: (Google Docs) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-06]
CHR Extension: (Google Drive) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
CHR Extension: (YouTube) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
CHR Extension: (Google Sheets) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [37264 2016-07-29] (Box, Inc.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 Power Manager DBC Service; C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE [70968 2012-02-22] (Lenovo)
S3 PwmEWSvc; C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE [165176 2012-02-22] (Lenovo Group Limited)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2010-04-23] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 SamsungUPDUtilSvc; C:\Windows\SysWOW64\SecUPDUtilSvc.exe [143664 2016-07-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-31] ()
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-02] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-06-02] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-06-28] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192864 2016-06-28] (Oracle Corporation)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 23:17 - 2017-06-02 23:18 - 00020104 _____ C:\Users\SUSAN\Downloads\FRST.txt
2017-06-02 23:16 - 2017-06-02 23:17 - 00000000 ____D C:\Users\SUSAN\Downloads\frst
2017-06-02 22:32 - 2017-06-02 23:00 - 12496596 _____ C:\Users\SUSAN\Downloads\Unconfirmed 518984.crdownload
2017-06-02 19:53 - 2017-06-02 23:17 - 00000000 ____D C:\FRST
2017-06-02 19:38 - 2017-06-02 19:39 - 00002050 _____ C:\Users\SUSAN\Desktop\Rkill.txt
2017-06-02 19:37 - 2017-06-02 19:38 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\SUSAN\Downloads\rkill.exe
2017-06-02 19:34 - 2017-06-02 19:35 - 02433536 _____ (Farbar) C:\Users\SUSAN\Downloads\FRST64.exe
2017-06-02 19:29 - 2017-06-02 23:02 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-02 19:29 - 2017-06-02 23:02 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-02 19:29 - 2017-06-02 23:02 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-02 19:29 - 2017-06-02 23:02 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-02 19:29 - 2017-06-02 19:29 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-02 19:29 - 2017-06-02 19:29 - 00001878 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-02 19:29 - 2017-06-02 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-02 19:29 - 2017-06-02 19:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-02 19:29 - 2017-06-02 19:29 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-02 19:29 - 2017-05-31 11:09 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-02 16:00 - 2017-06-02 16:00 - 00001420 _____ C:\Users\SUSAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-06-02 13:47 - 2017-06-02 13:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\SUSAN\Downloads\HijackThis.exe
2017-06-02 13:22 - 2017-06-02 23:02 - 00000000 ____D C:\Users\SUSAN\AppData\Local\FSDART
2017-06-02 13:21 - 2017-06-02 19:16 - 00000000 ____D C:\ProgramData\F-Secure
2017-06-02 13:21 - 2017-06-02 13:21 - 00000000 ____D C:\Users\SUSAN\AppData\Local\F-Secure
2017-06-01 16:29 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-06-01 16:29 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-05-31 14:58 - 2017-05-31 15:06 - 55915216 _____ (Microsoft Corporation) C:\Users\SUSAN\Downloads\IE11-Windows6.1-x64-en-us.exe
2017-05-31 14:50 - 2017-05-31 14:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-31 14:48 - 2017-05-31 14:50 - 11584088 _____ (SurfRight B.V.) C:\Users\SUSAN\Downloads\hitmanpro_x64.exe
2017-05-31 13:31 - 2017-05-31 16:44 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-05-31 13:12 - 2017-05-31 13:12 - 00954468 _____ C:\Users\SUSAN\AppData\Local\census.cache
2017-05-31 13:11 - 2017-05-31 13:11 - 00258300 _____ C:\Users\SUSAN\AppData\Local\ars.cache
2017-05-31 13:02 - 2017-05-31 13:02 - 00000010 _____ C:\Users\SUSAN\AppData\Local\sponge.last.runtime.cache
2017-05-31 12:56 - 2017-05-31 16:44 - 00000000 ____D C:\ProgramData\Trend Micro
2017-05-31 12:56 - 2017-05-31 12:56 - 00000000 ____D C:\Windows\Trend Micro
2017-05-31 12:26 - 2016-08-22 12:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-05-31 12:25 - 2017-05-31 12:25 - 00000036 _____ C:\Users\SUSAN\AppData\Local\housecall.guid.cache
2017-05-31 12:23 - 2017-05-31 12:24 - 02527376 _____ (Trend Micro Inc.) C:\Users\SUSAN\Downloads\HousecallLauncher64.exe
2017-05-31 09:55 - 2017-05-31 10:04 - 63364552 _____ (Malwarebytes ) C:\Users\SUSAN\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.122-1.0.1976.exe
2017-05-15 10:44 - 2017-05-15 10:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf
2017-05-15 10:43 - 2017-04-27 18:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-15 10:43 - 2017-04-27 18:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-15 10:43 - 2017-04-27 18:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-15 10:43 - 2017-04-27 18:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-15 10:43 - 2017-04-27 18:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-15 10:43 - 2017-04-27 18:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-15 10:43 - 2017-04-27 18:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-15 10:43 - 2017-04-27 17:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-15 10:43 - 2017-04-27 17:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-15 10:43 - 2017-04-27 17:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-15 10:43 - 2017-04-27 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-15 10:43 - 2017-04-27 17:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-15 10:43 - 2017-04-27 17:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-15 10:43 - 2017-04-27 17:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-15 10:43 - 2017-04-27 17:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-15 10:43 - 2017-04-27 17:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-15 10:43 - 2017-04-27 17:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-15 10:43 - 2017-04-27 17:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-15 10:43 - 2017-04-27 17:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-15 10:43 - 2017-04-27 17:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-15 10:43 - 2017-04-27 17:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-15 10:43 - 2017-04-27 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-15 10:43 - 2017-04-27 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-15 10:43 - 2017-04-27 17:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-15 10:43 - 2017-04-27 17:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-15 10:43 - 2017-04-27 17:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-15 10:43 - 2017-04-27 17:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-15 10:43 - 2017-04-26 07:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-15 10:43 - 2017-04-21 08:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-15 10:43 - 2017-04-21 08:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-15 10:43 - 2017-04-17 08:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-15 10:43 - 2017-04-17 08:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-15 10:43 - 2017-04-17 08:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-15 10:43 - 2017-04-17 08:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-15 10:43 - 2017-04-17 08:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-15 10:43 - 2017-04-17 08:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-15 10:43 - 2017-04-17 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-15 10:43 - 2017-04-17 08:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-15 10:43 - 2017-04-17 07:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-15 10:43 - 2017-04-12 08:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-15 10:43 - 2017-04-12 08:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-15 10:43 - 2017-04-12 08:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-15 10:43 - 2017-04-12 08:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-15 10:43 - 2017-04-12 08:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-15 10:43 - 2017-04-12 08:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-15 10:43 - 2017-04-12 08:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-15 10:43 - 2017-04-12 08:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-15 10:43 - 2017-04-07 08:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-15 10:43 - 2017-04-07 08:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-15 10:43 - 2017-04-07 08:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-15 10:43 - 2017-04-07 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-15 10:43 - 2017-04-07 08:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-15 10:43 - 2017-04-05 07:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-15 10:43 - 2017-04-05 07:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-15 10:43 - 2017-04-05 07:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-15 10:43 - 2017-04-04 08:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-15 10:43 - 2017-04-04 08:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-15 10:43 - 2017-04-04 08:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-15 10:43 - 2017-04-04 07:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-15 10:43 - 2017-04-04 07:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-15 10:43 - 2017-03-22 08:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-15 10:43 - 2017-03-22 08:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-15 10:43 - 2017-03-22 08:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-15 10:43 - 2017-03-22 08:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-05-15 10:43 - 2017-03-22 08:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-15 10:43 - 2017-03-22 08:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-15 10:43 - 2017-03-22 08:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-15 10:43 - 2017-03-22 08:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-15 10:43 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-05-15 10:43 - 2017-03-22 08:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-15 10:43 - 2017-03-22 08:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-05-15 10:43 - 2017-03-22 08:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-05-15 10:43 - 2017-03-22 08:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-15 10:43 - 2017-03-22 08:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-15 10:43 - 2017-03-22 08:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-15 10:43 - 2017-03-22 08:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-05-15 10:43 - 2017-03-10 09:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-15 10:43 - 2017-03-10 09:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-15 10:43 - 2017-03-10 09:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-15 10:43 - 2017-03-10 09:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-05-15 10:43 - 2017-03-10 09:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-15 10:43 - 2017-03-10 09:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-05-15 10:43 - 2017-03-10 09:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-05-15 10:43 - 2017-03-10 09:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-15 10:43 - 2017-03-10 09:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-15 10:43 - 2017-03-10 09:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-15 10:43 - 2017-03-10 09:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-05-15 10:43 - 2017-03-10 09:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-05-15 10:43 - 2017-03-10 09:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-05-15 10:43 - 2017-03-10 08:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-15 10:43 - 2017-03-10 08:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-15 10:43 - 2017-03-10 08:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-15 10:43 - 2017-03-10 08:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-15 10:43 - 2017-03-09 09:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-15 10:43 - 2017-03-09 09:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-15 10:43 - 2017-03-07 09:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-15 10:43 - 2017-03-07 09:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-15 10:43 - 2017-03-07 07:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-15 10:43 - 2017-03-03 18:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-15 10:43 - 2017-03-03 18:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-05-15 10:43 - 2017-03-03 18:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-15 10:43 - 2017-03-03 18:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-05-15 10:43 - 2017-02-14 09:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-05-15 10:43 - 2017-02-14 09:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-05-15 10:43 - 2017-02-10 09:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-05-15 10:43 - 2017-02-10 09:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-05-15 10:43 - 2017-02-10 07:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-15 10:43 - 2017-02-09 09:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-05-15 10:43 - 2017-02-09 09:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-05-15 10:43 - 2017-02-09 09:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-05-15 10:43 - 2017-02-09 09:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-15 10:43 - 2017-02-09 09:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-15 10:43 - 2017-02-09 09:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-15 10:43 - 2017-02-09 09:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-15 10:43 - 2017-02-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-05-15 10:43 - 2017-02-09 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-05-15 10:43 - 2017-02-09 07:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-15 10:43 - 2017-02-09 07:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-15 10:43 - 2017-02-06 09:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-15 10:43 - 2017-01-18 08:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-05-15 10:43 - 2017-01-18 08:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-05-15 10:43 - 2017-01-13 11:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-15 10:43 - 2017-01-13 11:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-05-15 10:43 - 2017-01-13 10:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-15 10:43 - 2017-01-13 10:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-05-15 10:43 - 2017-01-11 11:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-15 10:43 - 2017-01-11 11:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-05-15 10:43 - 2017-01-11 10:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-15 10:43 - 2017-01-11 10:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-05-15 10:43 - 2016-11-21 11:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-05-15 10:43 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-05-15 10:43 - 2016-11-20 07:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-05-15 10:43 - 2016-11-17 09:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-05-15 10:43 - 2016-11-10 09:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-05-15 10:43 - 2016-11-10 09:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-05-15 10:43 - 2016-11-09 09:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-05-15 10:43 - 2016-11-09 09:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-05-15 10:43 - 2016-11-09 09:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-05-15 10:43 - 2016-11-09 09:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-05-15 10:43 - 2016-11-09 09:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-05-15 10:43 - 2016-11-09 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-05-15 10:43 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-05-15 10:43 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-05-15 10:43 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-05-15 10:43 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-05-15 10:43 - 2016-11-09 09:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-05-15 10:43 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-05-15 10:43 - 2016-10-11 08:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-05-15 10:43 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-05-15 10:43 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-05-15 10:43 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-05-15 10:43 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-05-15 10:43 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-05-15 10:43 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-05-15 10:43 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-05-15 10:43 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-05-15 10:43 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-05-15 10:43 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-05-15 10:43 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-05-15 10:43 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-05-15 10:43 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-05-15 10:43 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-05-15 10:43 - 2016-10-11 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-05-15 10:43 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-05-15 10:43 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-05-15 10:43 - 2016-10-11 06:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-05-15 10:43 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-05-15 10:43 - 2016-10-08 06:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-05-15 10:43 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-05-15 10:43 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-05-15 10:43 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-05-15 10:43 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-05-15 10:43 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-05-15 10:43 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-05-15 10:43 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-05-15 10:43 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-05-15 10:43 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-05-15 10:43 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-05-15 10:43 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-05-15 10:43 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-05-15 10:43 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-05-15 10:43 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-05-15 10:43 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-05-15 10:43 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-05-15 10:43 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-05-15 10:43 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-05-15 10:43 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-05-15 10:43 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-05-15 10:43 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-05-15 10:43 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-05-15 10:43 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-05-15 10:43 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-05-15 10:43 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-15 10:43 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-05-15 10:43 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-15 10:43 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-05-15 10:43 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-05-15 10:43 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-05-15 10:43 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-15 10:43 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-05-15 10:43 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-15 10:43 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-05-15 10:43 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-05-15 10:43 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-05-15 10:43 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-05-15 10:43 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-05-15 10:43 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-05-15 10:43 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-05-15 10:43 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-05-15 10:43 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-05-15 10:43 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-05-15 10:43 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-05-15 10:43 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-05-15 10:43 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-05-15 10:43 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-05-15 10:43 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-05-15 10:43 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-05-15 10:43 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-05-15 10:43 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-05-15 10:43 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-05-15 10:43 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-05-15 10:43 - 2016-03-23 15:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-15 10:43 - 2016-03-23 15:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-05-15 10:28 - 2016-05-12 08:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-05-15 10:17 - 2017-02-22 16:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-05-15 10:17 - 2017-02-22 16:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-05-15 10:17 - 2017-02-18 07:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-05-15 10:17 - 2017-02-18 07:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-05-15 10:17 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-05-15 10:17 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-05-15 10:17 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-05-15 10:17 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-05-15 10:17 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-05-15 10:03 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-05-15 10:03 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-05-15 10:03 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-05-15 10:03 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-05-15 10:03 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-05-15 10:03 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-05-15 10:02 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-05-15 10:02 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-05-15 10:02 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-05-15 10:02 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-05-15 10:02 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-05-15 10:02 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-05-15 10:02 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-05-15 10:02 - 2016-07-07 08:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-05-15 10:02 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-05-15 10:02 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-05-15 10:02 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-05-15 10:02 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-05-15 10:02 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-05-15 10:02 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-05-15 10:02 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-05-15 10:02 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-02 23:10 - 2009-07-13 21:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-02 23:10 - 2009-07-13 21:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-02 23:06 - 2009-07-13 22:13 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-02 23:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-06-02 23:03 - 2016-03-07 19:17 - 00000000 __SHD C:\Users\SUSAN\IntelGraphicsProfiles
2017-06-02 23:02 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-02 23:01 - 2016-03-06 12:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-02 22:59 - 2011-02-24 10:03 - 00000000 ____D C:\Windows\Panther
2017-06-02 22:51 - 2016-03-06 11:11 - 00000000 ____D C:\Users\SUSAN\AppData\LocalLow\VeriSign
2017-06-02 15:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-06-02 13:47 - 2016-03-06 11:09 - 00000000 ____D C:\Users\SUSAN\AppData\Local\VirtualStore
2017-06-01 15:29 - 2016-03-07 17:33 - 00765304 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-01 15:28 - 2016-03-07 16:00 - 00000000 ____D C:\Windows\system32\MRT
2017-06-01 15:26 - 2016-03-07 16:00 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-01 13:37 - 2016-07-10 21:17 - 00000000 ____D C:\Users\SUSAN\Documents\PDF
2017-05-30 13:45 - 2010-11-20 20:27 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-15 12:26 - 2017-02-13 21:58 - 00002266 _____ C:\Users\SUSAN\Desktop\Google Chrome.lnk
2017-05-15 12:13 - 2009-07-13 21:45 - 00384240 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-15 12:12 - 2016-03-07 20:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-15 12:12 - 2016-03-07 20:38 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-15 12:12 - 2011-12-08 13:42 - 00000000 ____D C:\Windows\ShellNew
2017-05-15 12:12 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-05-15 12:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-05-15 12:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2017-05-15 10:49 - 2016-03-08 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-15 10:49 - 2016-03-08 12:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-15 10:49 - 2016-03-08 12:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-05-15 10:48 - 2016-03-22 21:58 - 00002155 _____ C:\Windows\epplauncher.mif
2017-05-15 10:48 - 2016-03-22 21:55 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-05-15 10:48 - 2016-03-22 21:55 - 00000000 ____D C:\Program Files\Microsoft Security Client
2017-05-15 10:48 - 2016-03-22 21:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-05-15 10:46 - 2009-07-13 19:34 - 00000478 _____ C:\Windows\win.ini
2017-05-11 17:09 - 2012-12-12 22:54 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-11 13:01 - 2016-07-10 21:38 - 00000909 _____ C:\Users\SUSAN\Desktop\123 Free Solitaire.lnk
 
==================== Files in the root of some directories =======
 
2017-05-31 13:11 - 2017-05-31 13:11 - 0258300 _____ () C:\Users\SUSAN\AppData\Local\ars.cache
2017-05-31 13:12 - 2017-05-31 13:12 - 0954468 _____ () C:\Users\SUSAN\AppData\Local\census.cache
2017-05-31 12:25 - 2017-05-31 12:25 - 0000036 _____ () C:\Users\SUSAN\AppData\Local\housecall.guid.cache
2017-05-31 13:02 - 2017-05-31 13:02 - 0000010 _____ () C:\Users\SUSAN\AppData\Local\sponge.last.runtime.cache
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-07-07 00:54
 
==================== End of FRST.txt ============================

 

 


BC AdBot (Login to Remove)

 


#2 goober_van

goober_van
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:39 PM

Posted 03 June 2017 - 01:45 AM

Here is the Additional.txt info

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by SUSAN (02-06-2017 23:18:18)
Running from C:\Users\SUSAN\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-03-06 18:07:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1313929994-3195920268-994555279-500 - Administrator - Disabled)
Guest (S-1-5-21-1313929994-3195920268-994555279-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1313929994-3195920268-994555279-1002 - Limited - Enabled)
SUSAN (S-1-5-21-1313929994-3195920268-994555279-1001 - Administrator - Enabled) => C:\Users\SUSAN
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Box Sync (HKLM\...\{CB732C5D-1F06-41A8-B984-B84B87053E8C}) (Version: 4.0.7800.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.7702.0 - Box Inc.) Hidden
Bullzip PDF Printer 10.24.0.2543 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.24.0.2543 - Bullzip)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.57 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Oracle VM VirtualBox 5.0.24 (HKLM\...\{BA15D402-19CA-493E-958B-170A0C446F25}) (Version: 5.0.24 - Oracle Corporation)
QuickBooks (x32 Version: 19.0.4004.1090 - Intuit Canada Limited) Hidden
QuickBooks Premier Edition 2010 (HKLM-x32\...\{EB61B60D-1443-41FA-BBD7-BCD8217551B7}) (Version: 19.0.4004.1090 - Intuit Canada Limited)
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(25/05/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Center (HKLM-x32\...\Samsung Printer Center) (Version: 1.0.0.21 - Samsung Electronics Co., Ltd.)
Samsung SCX-4200 Series (HKLM-x32\...\Samsung SCX-4200 Series) (Version:  - Samsung Electronics CO.,LTD)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmarThru Office (HKLM-x32\...\{9BC1E722-AE07-46A3-B7A6-556DBE18E22A}) (Version: 2.10.000 - Samsung Electronics Co., Ltd.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.03.0017 - Lenovo)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.30.0 - Lenovo)
ThinkVantage Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 2.10.0007 - Lenovo Group Limited)
Uninstall Samsung Printer Software (HKLM-x32\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
View Management Utility (HKLM-x32\...\InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}) (Version: 3.0.12.0329 - Lenovo)
View Management Utility (Version: 3.0.12.0329 - Lenovo) Hidden
VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign)
Windows Driver Package - Intel Corporation (igfx) Display  (03/19/2012 8.15.10.2696) (HKLM\...\6AF882A8E50505CE490495746E271C3F586F9110) (Version: 03/19/2012 8.15.10.2696 - Intel Corporation)
Windows Driver Package - Intel hdc  (09/10/2010 9.2.0.1011) (HKLM\...\171901D8B4D5484C362A709BF264A50F065A14FB) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (11/20/2010 9.2.0.1016) (HKLM\...\43B5066463CEBC83E99586A67037B6F9FC4193FE) (Version: 11/20/2010 9.2.0.1016 - Intel)
Windows Driver Package - Intel USB  (12/21/2010 9.2.0.1021) (HKLM\...\0DD5528A211904214F70A66DE6ADBD378B21566D) (Version: 12/21/2010 9.2.0.1021 - Intel)
Windows Driver Package - Realtek (RTL8167) Net  (11/23/2011 7.050.1123.2011) (HKLM\...\93D0B653D730EB57C01C763D1BE4E63ABC9204F0) (Version: 11/23/2011 7.050.1123.2011 - Realtek)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (03/27/2012 6.0.1.6602) (HKLM\...\88CB7AA478955801F99FBF6D2BCF739BEB87A7F3) (Version: 03/27/2012 6.0.1.6602 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1313929994-3195920268-994555279-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06100CEB-6697-45E2-BE28-A661C7BEADE9} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {179055D2-41EF-4AC4-A5F5-3698095C14C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {3D933D0F-7633-44B5-80BC-0B83E31A99CB} - System32\Tasks\TVT\TVSUUpdateTask_SUSAN-THINK_SUSAN => C:\Program Files (x86)\Lenovo\System Update\tvsu.exe [2012-06-05] ()
Task: {86442454-34DD-42DD-A6DC-498D9D169E44} - System32\Tasks\PMTask => C:\Program Files (x86)\Lenovo\PowerMgr\PWMIDTSV.EXE [2012-02-22] (Lenovo Group Limited)
Task: {AE8BF120-E159-4A66-A28E-9C61E6A9167F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {B5C036B8-CAB5-4C85-8106-352B545A2626} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {B99F54CD-C93E-4119-AA30-9629C21A53AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {E7E46F3E-D0CE-4CFD-86F4-BDD47F86919F} - System32\Tasks\Canimco Inventory Copying Batch => C:\Users\SUSAN\Documents\Canimco Inventory Copying Batch.bat [2016-09-19] ()
Task: {F2896922-C05C-40D9-AC44-48F69119E015} - System32\Tasks\TVT\TVSUUpdateTask_WIN-8KM28URJCH2_Administrator => C:\Program Files (x86)\Lenovo\System Update\tvsu.exe [2012-06-05] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-10 20:12 - 2015-03-11 19:43 - 00022528 _____ () C:\Windows\System32\us003lm.dll
2016-07-10 20:12 - 2016-07-10 20:12 - 00143664 ____N () C:\Windows\SysWOW64\SecUPDUtilSvc.exe
2016-07-10 21:49 - 2009-10-01 03:58 - 00327168 _____ () C:\Windows\system32\SaMinDrv.dll
2014-07-24 21:36 - 2014-07-24 21:36 - 00087552 _____ () C:\Windows\system32\ssdevm64.dll
2017-06-02 19:29 - 2017-05-31 11:09 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-09-08 13:39 - 2014-09-08 13:39 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:38 - 2014-09-08 13:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2017-04-06 12:12 - 2017-04-06 12:12 - 00118088 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 01157960 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00053576 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 01751880 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00134544 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2014-11-20 12:19 - 2014-11-20 12:19 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2014-11-20 12:19 - 2014-11-20 12:19 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2017-04-06 12:12 - 2017-04-06 12:12 - 00050504 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00695624 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2017-04-06 12:08 - 2017-04-06 12:08 - 00009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2017-04-06 12:11 - 2017-04-06 12:11 - 00016712 _____ () C:\Program Files\Box\Box Sync\select.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00172872 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2017-04-06 12:11 - 2017-04-06 12:11 - 00170312 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00444816 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00029072 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00155536 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00065352 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00142224 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00050064 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00059792 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00037704 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00027536 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00229264 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2017-04-06 12:04 - 2017-04-06 12:04 - 00166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2012-12-12 22:47 - 2012-02-12 11:10 - 00029184 _____ () C:\Program Files (x86)\Lenovo\PowerMgr\US\PWMRT64V.DLL
2017-05-11 17:09 - 2017-05-09 02:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-11 17:09 - 2017-05-09 02:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2012-12-12 22:51 - 2012-01-16 23:29 - 00030512 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2012-12-12 22:43 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-05 16:15 - 2012-06-05 16:15 - 00092072 _____ () C:\Program Files (x86)\Lenovo\System Update\tvsutil.dll
2012-12-12 22:41 - 2011-12-15 19:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SUSAN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{8E613DB7-77ED-4945-A521-3EF0694B5C9D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0EC6AEE4-9DDB-477C-9000-29E4AB7D6D41}] => (Allow) LPort=2869
FirewallRules: [{2CB490FC-DDD9-43C9-AC2E-558F53FC270C}] => (Allow) LPort=1900
FirewallRules: [{F7A39A4B-CCD6-4701-A7A5-A9C1A4B7D3D6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AA153BC6-843B-4B70-9E14-0E06E8C2F67D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{81011AA4-9B4D-4B18-A529-B9E679177D4F}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [{341FAA74-1299-4253-A62E-96ADD06F8F09}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Center\Data\bin\SSInstall.exe
FirewallRules: [{98C362E4-741A-4C49-955E-F0EE8292EB9A}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{6E42D06A-EABC-4D38-B045-A0647CAC3AEA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{A06663A9-510D-4F93-BD57-9566167792A4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{BB39B2AF-8A6C-4E26-B590-D2D7682DDF63}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{C197D8A2-D789-4C42-A160-472BE1EE493D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{969DC3E7-A889-411C-93B4-ED1AEB7BB59C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{F3AFAC3E-82F4-4A66-8137-BAF35DE44E8D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{FB5274A8-6259-4CCB-A21A-256BF29DBE72}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{686ACFBA-F0E4-437B-92E5-DB78F734AF07}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{E184C559-6369-4307-B097-D64F05148239}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{301E2C60-CF15-4C85-98C1-35E3C0BBB460}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D108B272-C67D-4D9E-9C4A-D49090CD0A02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{782FB41F-0B9D-45AD-AC33-4D8BDD933851}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C29848CC-1040-4A9C-B06C-A0BD1BAD76AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{10A78B46-13BE-4FDB-89C2-5531837A8A19}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{CF591D6B-7ED2-4F1D-B547-80B79DEC00DC}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{1BF58E5F-CA7B-4529-BD13-E79B24717C82}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\nmap\nmap.exe
FirewallRules: [{31B9724A-4C10-4104-AB95-E8FAF654DAED}] => (Allow) C:\Program Files (x86)\Trend Micro\DRScanner\sdk\TmDrMon.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/02/2017 11:03:12 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/02/2017 11:03:12 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/02/2017 11:03:12 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/02/2017 11:03:12 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (06/02/2017 11:03:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/02/2017 11:03:11 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (06/02/2017 11:03:11 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/02/2017 11:03:11 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (06/02/2017 11:03:11 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
Error: (06/02/2017 11:03:11 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4468) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00228.log.
 
 
System errors:
=============
Error: (06/02/2017 11:03:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/02/2017 11:03:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/02/2017 11:03:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/02/2017 11:03:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (06/02/2017 11:03:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/02/2017 11:03:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/02/2017 11:03:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
 
Error: (06/02/2017 11:02:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (06/02/2017 10:51:35 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (06/02/2017 03:12:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the file specified.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 57%
Total physical RAM: 3920.48 MB
Available physical RAM: 1669.04 MB
Total Virtual: 7839.14 MB
Available Virtual: 5512.45 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:96.65 GB) (Free:39.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:924.55 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.8 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 6B4DC029)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9D75519)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:39 PM

Posted 04 June 2017 - 07:14 AM

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\...\Run: [comrr_35] => rundll32 "C:\Users\SUSAN\AppData\Roaming\Microsoft\Cmifprxy\Audiprx6.dll",DllRegisterServer
SearchScopes: HKU\S-1-5-21-1313929994-3195920268-994555279-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA682
SearchScopes: HKU\S-1-5-21-1313929994-3195920268-994555279-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA682
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1313929994-3195920268-994555279-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.
===

Please let me know what problem persists with this computer.

#4 goober_van

goober_van
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:39 PM

Posted 05 June 2017 - 11:37 AM

Here are the results from the above instructions that I followed. The results maybe skewed because yesterday before you replied I used hitmanpro and it seemed to have found some issues and solved them. I no longer have the IE redirect problem. Thanks for your help.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by SUSAN (05-06-2017 09:12:30) Run:1
Running from C:\Users\SUSAN\Downloads
Loaded Profiles: SUSAN (Available Profiles: SUSAN)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\...\Run: [comrr_35] => rundll32 "C:\Users\SUSAN\AppData\Roaming\Microsoft\Cmifprxy\Audiprx6.dll",DllRegisterServer
SearchScopes: HKU\S-1-5-21-1313929994-3195920268-994555279-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA682
SearchScopes: HKU\S-1-5-21-1313929994-3195920268-994555279-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enCA682
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-1313929994-3195920268-994555279-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
 
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\Software\Microsoft\Windows\CurrentVersion\Run\\comrr_35 => value not found.
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKU\S-1-5-21-1313929994-3195920268-994555279-1001\Software\MozillaPlugins\intel.com/AppUp => key removed successfully
C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll => not found.
C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\SUSAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\DgiVecp => key removed successfully
DgiVecp => service removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15582121 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 368536 B
Edge => 0 B
Chrome => 16974881 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558852 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 887784 B
SUSAN => 27807413 B
 
RecycleBin => 0 B
EmptyTemp: => 122.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:12:35 ====


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:39 PM

Posted 06 June 2017 - 07:39 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users