Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Keeps popping up with scheduled task mysa1.job, mysa2.job and ok.job


  • This topic is locked This topic is locked
3 replies to this topic

#1 copious69

copious69

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 17 July 2017 - 01:25 AM

Have removed a possible crypto infection.

 

Keep getting the following Task Scheduler jobs reappearing every 4 hours or so.  Cannot figure out where it is coming from.

 

Webroot, Malware and Sophos virus removal kit all claim there is no infection, but the task keep reappearing.

 

I have attached the Text files from FTST and copied them to this post.

 

+++++++++++++++++++++FRST.TXT+++++++++++++++++++++++++++++++++++++++++++

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by c1admin (administrator) on NTTS-PROXY-04 (17-07-2017 14:34:23)
Running from C:\_calibreone
Loaded Profiles: c1admin (Available Profiles: BladeLogicRSCD & c1admin & C1_Monitoring & Administrator)
Platform: Windows Server 2008 R2 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(EMC Corporation) C:\Program Files\avs\bin\avagent.exe
(Solarwinds MSP) C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe
(Solarwinds MSP) C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(N-able Technologies Inc.) C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(BladeLogic Inc.) C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\RSCDsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(N-able Technologies Inc.) C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\NableSixtyFourBitManager.exe
(N-able Technologies Inc.) C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe
(N-able Technologies Inc.) C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMwareTray.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(EMC Corporation) C:\Program Files\avs\bin\avscc.exe
(Webroot) C:\Program Files (x86)\Webroot\WRSA.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Solarwinds MSP) C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcCnfg.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\RSCD.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\_calibreone\SystemLook_x64.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VMware Tools] => C:\Program Files\VMware\VMware Tools\VMwareTray.exe [60056 2012-11-17] (VMware, Inc.)
HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [65688 2012-11-17] (VMware, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files (x86)\Webroot\WRSA.exe [987384 2017-06-26] (Webroot)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [BASupSrvcCnfg_N-Central] => C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcCnfg.exe [5209280 2017-06-14] (Solarwinds MSP)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\client.lnk [2014-06-05]
ShortcutTarget: client.lnk -> C:\Program Files\avs\bin\avscc.exe (EMC Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c9111437-5d34-4696-a3c4-a74ced1d99f9} <==== ATTENTION (Restriction - IP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{4AA6A638-96C6-48F4-9F57-6262AB42EC8A}: [NameServer] 139.130.4.4
Tcpip\..\Interfaces\{88966462-8D3F-4B94-9848-C943436FE46B}: [NameServer] 192.168.10.10
 
Internet Explorer:
==================
HKU\S-1-5-21-3668615208-2999039653-3526226260-1004\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-26] (Webroot)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-26] (Oracle Corporation)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-06-26] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-26] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-26] (Oracle Corporation)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avbackup; C:\Program Files\avs\bin\avagent.exe [7932440 2014-01-14] (EMC Corporation)
R2 BASupportExpressSrvcUpdater_N_Central; C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe [1157312 2017-06-14] (Solarwinds MSP)
R2 BASupportExpressStandaloneService_N_Central; C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe [3959488 2017-06-14] (Solarwinds MSP)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S3 rqs; C:\Windows\system32\rqs.exe [41472 2010-11-20] (Microsoft Corporation)
R2 RSCDsvc; C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\RSCDsvc.exe [52224 2014-02-13] (BladeLogic Inc.) [File not signed]
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SMTPSVC; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 Windows Agent Maintenance Service; C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe [215992 2017-05-25] (N-able Technologies Inc.)
R2 Windows Agent Service; C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe [327608 2017-05-25] (N-able Technologies Inc.)
R2 WRSVC; C:\Program Files (x86)\Webroot\WRSA.exe [987384 2017-06-26] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-11] (Intel Corporation)
S3 pvscsi; C:\Windows\system32\drivers\pvscsi.sys [40048 2012-11-17] (VMware, Inc.)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R3 vmxnet3ndis6; C:\Windows\System32\DRIVERS\vmxnet3n61x64.sys [81560 2012-11-17] (VMware, Inc.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [138576 2017-07-17] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2017-06-26] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-17 14:28 - 2017-07-17 14:28 - 00000000 ____D C:\Users\c1admin\AppData\Local\NPE
2017-07-17 14:28 - 2017-07-17 14:28 - 00000000 ____D C:\ProgramData\Norton
2017-07-17 10:17 - 2017-07-17 10:17 - 00000000 ____D C:\Users\c1admin\Documents\ProcAlyzer Dumps
2017-07-17 10:08 - 2017-07-17 10:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-07-17 10:07 - 2017-07-17 10:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-07-17 10:07 - 2017-07-17 10:08 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-17 10:07 - 2017-07-17 10:07 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-07-17 10:07 - 2017-07-17 10:07 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-07-17 10:07 - 2017-07-17 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-07-17 10:07 - 2017-05-23 09:22 - 00032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2017-07-17 08:53 - 2017-07-17 14:34 - 00000000 ____D C:\FRST
2017-07-17 08:21 - 2017-07-17 08:21 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-07-17 08:21 - 2017-07-17 08:21 - 00000000 ____D C:\ProgramData\Sophos
2017-07-17 08:21 - 2017-07-17 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-07-17 08:21 - 2017-07-17 08:21 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-07-17 02:40 - 2017-07-17 02:40 - 00289984 _____ C:\Windows\Minidump\071717-12308-01.dmp
2017-07-16 14:36 - 2017-07-16 14:36 - 00289984 _____ C:\Windows\Minidump\071617-10249-01.dmp
2017-07-16 11:32 - 2017-07-16 11:32 - 00289984 _____ C:\Windows\Minidump\071617-11169-01.dmp
2017-07-16 08:29 - 2017-07-16 08:29 - 00289984 _____ C:\Windows\Minidump\071617-10998-01.dmp
2017-07-16 02:25 - 2017-07-16 02:25 - 00289984 _____ C:\Windows\Minidump\071617-11887-01.dmp
2017-07-15 20:20 - 2017-07-15 20:20 - 00289984 _____ C:\Windows\Minidump\071517-10420-01.dmp
2017-07-15 14:16 - 2017-07-15 14:16 - 00289984 _____ C:\Windows\Minidump\071517-10108-01.dmp
2017-07-15 08:12 - 2017-07-15 08:12 - 00289984 _____ C:\Windows\Minidump\071517-10764-01.dmp
2017-07-15 05:08 - 2017-07-15 05:08 - 00289984 _____ C:\Windows\Minidump\071517-11122-01.dmp
2017-07-15 02:04 - 2017-07-15 02:04 - 00289984 _____ C:\Windows\Minidump\071517-12246-01.dmp
2017-07-14 23:00 - 2017-07-14 23:00 - 00289984 _____ C:\Windows\Minidump\071417-14211-01.dmp
2017-07-14 14:36 - 2017-07-14 14:37 - 44003024 _____ (Microsoft Corporation) C:\Users\c1admin\Downloads\Windows-KB890830-x64-V5.50.exe
2017-07-14 14:33 - 2017-07-14 14:33 - 65033984 _____ (Malwarebytes ) C:\Users\c1admin\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-12 15:15 - 2017-07-12 15:15 - 00000000 ____D C:\ProgramData\N-Able Technologies
2017-07-12 03:44 - 2017-06-30 13:45 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-07-12 03:44 - 2017-06-30 13:02 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-07-12 03:44 - 2017-06-30 12:27 - 02058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-07-12 03:44 - 2017-06-30 12:08 - 01363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-07-12 03:44 - 2017-06-29 15:57 - 25734656 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-07-12 03:44 - 2017-06-29 15:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-07-12 03:44 - 2017-06-29 15:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 03:44 - 2017-06-29 15:34 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-07-12 03:44 - 2017-06-29 15:33 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-07-12 03:44 - 2017-06-29 15:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-07-12 03:44 - 2017-06-29 15:32 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-07-12 03:44 - 2017-06-29 15:32 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-07-12 03:44 - 2017-06-29 15:32 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-07-12 03:44 - 2017-06-29 15:25 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-07-12 03:44 - 2017-06-29 15:24 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-07-12 03:44 - 2017-06-29 15:21 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-07-12 03:44 - 2017-06-29 15:20 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-07-12 03:44 - 2017-06-29 15:20 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-07-12 03:44 - 2017-06-29 15:20 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-07-12 03:44 - 2017-06-29 15:20 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-07-12 03:44 - 2017-06-29 15:14 - 05975552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-07-12 03:44 - 2017-06-29 15:13 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 03:44 - 2017-06-29 15:09 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-07-12 03:44 - 2017-06-29 15:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-07-12 03:44 - 2017-06-29 15:01 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-07-12 03:44 - 2017-06-29 15:01 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 03:44 - 2017-06-29 15:00 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-07-12 03:44 - 2017-06-29 14:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-07-12 03:44 - 2017-06-29 14:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-07-12 03:44 - 2017-06-29 14:53 - 20270592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-12 03:44 - 2017-06-29 14:53 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-12 03:44 - 2017-06-29 14:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-07-12 03:44 - 2017-06-29 14:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-07-12 03:44 - 2017-06-29 14:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-07-12 03:44 - 2017-06-29 14:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-07-12 03:44 - 2017-06-29 14:52 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-07-12 03:44 - 2017-06-29 14:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-07-12 03:44 - 2017-06-29 14:49 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-12 03:44 - 2017-06-29 14:47 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-07-12 03:44 - 2017-06-29 14:46 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-07-12 03:44 - 2017-06-29 14:44 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-07-12 03:44 - 2017-06-29 14:43 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-07-12 03:44 - 2017-06-29 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-07-12 03:44 - 2017-06-29 14:43 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-07-12 03:44 - 2017-06-29 14:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-07-12 03:44 - 2017-06-29 14:39 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-07-12 03:44 - 2017-06-29 14:39 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-07-12 03:44 - 2017-06-29 14:38 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-07-12 03:44 - 2017-06-29 14:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-07-12 03:44 - 2017-06-29 14:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-07-12 03:44 - 2017-06-29 14:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-07-12 03:44 - 2017-06-29 14:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-07-12 03:44 - 2017-06-29 14:30 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-07-12 03:44 - 2017-06-29 14:28 - 15253504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-07-12 03:44 - 2017-06-29 14:28 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-07-12 03:44 - 2017-06-29 14:26 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-07-12 03:44 - 2017-06-29 14:26 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-07-12 03:44 - 2017-06-29 14:24 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-07-12 03:44 - 2017-06-29 14:23 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-07-12 03:44 - 2017-06-29 14:22 - 04549632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-12 03:44 - 2017-06-29 14:18 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-07-12 03:44 - 2017-06-29 14:17 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-12 03:44 - 2017-06-29 14:16 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-07-12 03:44 - 2017-06-29 14:16 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-07-12 03:44 - 2017-06-29 14:13 - 13663744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-12 03:44 - 2017-06-29 14:11 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-07-12 03:44 - 2017-06-29 13:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-07-12 03:44 - 2017-06-29 13:58 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-12 03:44 - 2017-06-29 13:54 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-12 03:44 - 2017-06-29 13:53 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-12 03:44 - 2017-06-23 00:28 - 03223040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-07-12 03:44 - 2017-06-16 05:53 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-07-12 03:44 - 2017-06-13 08:24 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-07-12 03:44 - 2017-06-13 08:24 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-07-12 03:44 - 2017-06-13 08:24 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-07-12 03:44 - 2017-06-13 08:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 01363456 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2017-07-12 03:44 - 2017-06-13 08:19 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\pdhui.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-07-12 03:44 - 2017-06-13 08:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-07-12 03:44 - 2017-06-13 07:59 - 01227264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-12 03:44 - 2017-06-13 07:59 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-07-12 03:44 - 2017-06-13 07:59 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2017-07-12 03:44 - 2017-06-13 07:59 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2017-07-12 03:44 - 2017-06-13 07:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-07-12 03:44 - 2017-06-13 07:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-07-12 03:44 - 2017-06-13 07:59 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-07-12 03:44 - 2017-06-13 07:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdhui.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-07-12 03:44 - 2017-06-13 07:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-07-12 03:44 - 2017-06-13 07:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-07-12 03:44 - 2017-06-13 07:44 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\msinfo32.exe
2017-07-12 03:44 - 2017-06-13 07:44 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\perfmon.exe
2017-07-12 03:44 - 2017-06-13 07:44 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\resmon.exe
2017-07-12 03:44 - 2017-06-13 07:42 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-07-12 03:44 - 2017-06-13 07:42 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-07-12 03:44 - 2017-06-13 07:42 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-07-12 03:44 - 2017-06-13 07:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-07-12 03:44 - 2017-06-13 07:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-07-12 03:44 - 2017-06-13 07:36 - 00303616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-12 03:44 - 2017-06-13 07:36 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perfmon.exe
2017-07-12 03:44 - 2017-06-13 07:36 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resmon.exe
2017-07-12 03:44 - 2017-06-13 07:35 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-07-12 03:44 - 2017-06-11 01:29 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-07-12 03:44 - 2017-06-11 01:09 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-12 03:44 - 2017-06-10 01:03 - 01680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-07-12 03:44 - 2017-06-07 01:00 - 01867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-07-12 03:44 - 2017-06-07 00:42 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-12 03:44 - 2017-05-30 14:26 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-07-12 03:44 - 2017-05-30 14:26 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-07-12 03:44 - 2017-05-30 14:26 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-06-30 09:17 - 2017-05-21 13:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-30 09:17 - 2017-05-21 13:36 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-30 09:17 - 2017-05-17 01:05 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-30 09:17 - 2017-05-17 01:05 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-30 09:17 - 2017-05-17 01:00 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-06-30 08:40 - 2017-07-12 15:29 - 00000800 __RSH C:\Users\c1admin\ntuser.pol
2017-06-30 08:36 - 2017-06-30 08:36 - 00000000 ____D C:\Program Files (x86)\BeAnywhere Support Express
2017-06-30 08:35 - 2017-07-17 13:43 - 00000000 ____D C:\ProgramData\GetSupportService_N-Central
2017-06-30 08:35 - 2017-06-30 08:35 - 00000800 __RSH C:\Users\C1_Monitoring\ntuser.pol
2017-06-30 08:35 - 2017-06-30 08:35 - 00000000 ____D C:\Program Files (x86)\N-able Technologies
2017-06-30 08:33 - 2017-06-30 08:33 - 00058016 _____ C:\Users\C1_Monitoring\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-30 08:33 - 2017-06-30 08:33 - 00000000 ____D C:\Windows\Downloaded Installations
2017-06-30 08:32 - 2017-06-30 08:35 - 00000000 ____D C:\Users\C1_Monitoring
2017-06-30 08:32 - 2017-06-30 08:32 - 00001417 _____ C:\Users\C1_Monitoring\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-30 08:32 - 2017-06-30 08:32 - 00000020 ___SH C:\Users\C1_Monitoring\ntuser.ini
2017-06-30 08:32 - 2017-06-30 08:32 - 00000000 ____D C:\Users\C1_Monitoring\avscc_settings
2017-06-30 08:32 - 2017-06-30 08:32 - 00000000 ____D C:\Users\C1_Monitoring\AppData\Roaming\Avamar
2017-06-30 08:32 - 2017-06-30 08:32 - 00000000 ____D C:\Users\C1_Monitoring\AppData\Roaming\Adobe
2017-06-30 08:32 - 2017-06-30 08:32 - 00000000 ____D C:\Users\C1_Monitoring\AppData\Local\VirtualStore
2017-06-26 16:48 - 2016-08-17 06:10 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-06-26 16:48 - 2016-08-17 06:10 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-06-26 16:48 - 2016-08-17 06:10 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-06-26 16:48 - 2016-08-17 06:10 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-06-26 16:48 - 2016-08-17 06:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-06-26 16:48 - 2016-08-17 06:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-06-26 16:48 - 2016-08-17 06:10 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-06-26 16:48 - 2016-05-13 00:48 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-06-26 16:48 - 2015-07-17 04:42 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-06-26 16:48 - 2015-07-17 04:42 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-06-26 16:48 - 2015-07-17 04:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-06-26 16:48 - 2015-07-17 04:41 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-06-26 16:48 - 2015-07-17 04:41 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-06-26 16:48 - 2015-07-17 04:41 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-06-26 16:48 - 2015-07-11 22:45 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-06-26 16:48 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2017-06-26 16:48 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2017-06-26 16:48 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2017-06-26 16:48 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2017-06-26 16:48 - 2014-07-09 11:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2017-06-26 16:48 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2017-06-26 16:48 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2017-06-26 16:48 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2017-06-26 16:48 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2017-06-26 16:48 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2017-06-26 16:48 - 2013-11-26 17:46 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-06-26 16:48 - 2013-11-23 08:18 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-06-26 16:48 - 2012-06-01 15:09 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2017-06-26 16:48 - 2012-06-01 15:06 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2017-06-26 16:48 - 2012-06-01 15:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2017-06-26 16:48 - 2012-06-01 15:05 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2017-06-26 16:48 - 2012-06-01 15:04 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2017-06-26 16:48 - 2012-06-01 15:03 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2017-06-26 16:48 - 2012-06-01 14:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2017-06-26 16:48 - 2012-06-01 14:07 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2017-06-26 16:48 - 2012-06-01 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2017-06-26 16:48 - 2012-06-01 14:05 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2017-06-26 16:48 - 2012-06-01 14:05 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2017-06-26 16:48 - 2012-06-01 14:04 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2017-06-26 16:47 - 2014-12-12 03:17 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-06-26 16:42 - 2017-06-26 16:42 - 00000000 ____D C:\Users\c1admin\AppData\Roaming\Sun
2017-06-26 16:41 - 2017-06-26 16:42 - 00000000 ____D C:\inetpub
2017-06-26 16:41 - 2017-06-26 16:41 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2017-06-26 16:33 - 2017-06-26 16:42 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2017-06-26 16:33 - 2017-06-26 16:42 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-06-26 16:33 - 2017-06-26 16:42 - 00000000 ____D C:\ProgramData\Oracle
2017-06-26 16:33 - 2017-06-26 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-26 16:33 - 2017-06-26 16:42 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-26 16:25 - 2015-02-04 12:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-06-26 16:25 - 2015-02-04 12:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-06-26 16:24 - 2017-06-02 17:40 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-26 16:24 - 2017-05-13 03:57 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-26 16:24 - 2017-05-13 03:56 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-26 16:24 - 2017-05-13 03:56 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-26 16:24 - 2017-05-13 03:56 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-26 16:24 - 2017-05-13 03:54 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:37 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-26 16:24 - 2017-05-13 03:37 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-26 16:24 - 2017-05-13 03:37 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-26 16:24 - 2017-05-13 03:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:25 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-26 16:24 - 2017-05-13 03:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-26 16:24 - 2017-05-13 03:24 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-26 16:24 - 2017-05-13 03:21 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-26 16:24 - 2017-05-13 03:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-26 16:24 - 2017-05-13 03:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-26 16:24 - 2017-05-13 03:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-26 16:24 - 2017-05-13 03:11 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-26 16:24 - 2017-05-13 03:11 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-26 16:24 - 2017-05-13 03:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-26 16:24 - 2017-05-13 03:10 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:10 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:10 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 03:10 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-26 16:24 - 2017-05-13 01:55 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-26 16:24 - 2017-05-13 01:28 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-26 16:24 - 2017-05-13 01:28 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-26 16:24 - 2017-05-11 00:59 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-26 16:24 - 2017-05-11 00:59 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-26 16:24 - 2017-05-11 00:59 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-26 16:24 - 2017-05-11 00:59 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-26 16:24 - 2017-05-11 00:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-26 16:24 - 2017-05-11 00:44 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-26 16:24 - 2017-05-11 00:43 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-26 16:24 - 2017-05-11 00:43 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-26 16:24 - 2017-05-11 00:43 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-26 16:24 - 2017-05-11 00:43 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-26 16:24 - 2017-05-11 00:43 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-26 16:24 - 2017-05-11 00:43 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-26 16:24 - 2017-05-11 00:42 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-26 16:24 - 2017-05-11 00:42 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-26 16:24 - 2017-05-11 00:30 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-26 16:24 - 2017-05-11 00:30 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-26 16:24 - 2017-05-11 00:30 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-26 16:24 - 2017-05-11 00:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-26 16:24 - 2017-05-11 00:22 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-26 16:24 - 2017-05-10 01:00 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-26 16:24 - 2017-05-10 00:59 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-26 16:24 - 2017-05-10 00:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-26 16:24 - 2017-05-08 01:03 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-26 16:24 - 2017-05-08 00:59 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-26 16:24 - 2017-04-28 08:20 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-26 16:24 - 2017-04-22 01:04 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-06-26 16:24 - 2017-04-22 00:45 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-06-26 16:24 - 2017-04-18 01:07 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-06-26 16:24 - 2017-04-18 01:07 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-06-26 16:24 - 2017-04-18 01:07 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-06-26 16:24 - 2017-04-18 01:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-06-26 16:24 - 2017-04-18 01:07 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-06-26 16:24 - 2017-04-18 00:42 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-06-26 16:24 - 2017-04-18 00:42 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-06-26 16:24 - 2017-04-18 00:42 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-06-26 16:24 - 2017-04-18 00:24 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-06-26 16:24 - 2017-04-13 01:02 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-06-26 16:24 - 2017-04-13 01:02 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-06-26 16:24 - 2017-04-13 01:02 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-06-26 16:24 - 2017-04-13 01:02 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-06-26 16:24 - 2017-04-13 00:56 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-06-26 16:24 - 2017-04-13 00:55 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-06-26 16:24 - 2017-04-13 00:55 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-06-26 16:24 - 2017-04-13 00:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-06-26 16:24 - 2017-04-12 22:35 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-26 16:24 - 2017-04-06 00:25 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-06-26 16:24 - 2017-04-06 00:25 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-06-26 16:24 - 2017-04-06 00:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-06-26 16:24 - 2017-04-05 00:23 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-06-26 16:24 - 2017-03-31 00:33 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-26 16:24 - 2017-03-31 00:28 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-26 16:24 - 2017-03-17 01:01 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\vmsntfy.dll
2017-06-26 16:24 - 2017-03-11 02:02 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-06-26 16:24 - 2017-03-11 02:02 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-06-26 16:24 - 2017-03-11 01:50 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-06-26 16:24 - 2017-03-11 01:50 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-06-26 16:24 - 2017-03-11 01:27 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-06-26 16:24 - 2017-03-11 01:25 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-06-26 16:24 - 2017-03-11 01:25 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-06-26 16:24 - 2017-03-08 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-06-26 16:24 - 2017-03-08 01:47 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-06-26 16:24 - 2017-03-04 10:57 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-06-26 16:24 - 2017-03-04 10:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-06-26 16:24 - 2017-02-10 02:02 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-06-26 16:24 - 2017-02-10 02:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-06-26 16:24 - 2017-02-10 02:02 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-06-26 16:24 - 2017-02-10 02:01 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-06-26 16:24 - 2017-02-10 02:01 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-06-26 16:24 - 2017-02-10 01:44 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-06-26 16:24 - 2017-02-10 01:44 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-06-26 16:24 - 2017-02-10 01:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-06-26 16:24 - 2017-02-10 01:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:06 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-06-26 16:24 - 2017-01-19 01:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-06-26 16:24 - 2017-01-14 03:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-06-26 16:24 - 2017-01-14 03:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-06-26 16:24 - 2017-01-14 03:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-06-26 16:24 - 2017-01-14 03:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-06-26 16:24 - 2017-01-13 03:07 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-06-26 16:24 - 2017-01-13 03:07 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys
2017-06-26 16:24 - 2017-01-13 03:07 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys
2017-06-26 16:24 - 2017-01-12 03:31 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-06-26 16:24 - 2017-01-12 03:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-06-26 16:24 - 2017-01-12 03:13 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-06-26 16:24 - 2017-01-12 03:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-06-26 16:24 - 2016-11-22 03:42 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-06-26 16:24 - 2016-11-21 01:49 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-06-26 16:24 - 2016-11-20 23:37 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-26 16:24 - 2016-11-11 02:02 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-06-26 16:24 - 2016-11-11 01:49 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-06-26 16:24 - 2016-11-10 02:11 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-06-26 16:24 - 2016-11-10 02:03 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-06-26 16:24 - 2016-11-10 02:03 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-06-26 16:24 - 2016-11-10 02:03 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-06-26 16:24 - 2016-11-10 02:03 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-06-26 16:24 - 2016-11-10 02:03 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-06-26 16:24 - 2016-11-10 01:47 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-06-26 16:24 - 2016-11-10 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-06-26 16:24 - 2016-11-10 01:47 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-06-26 16:24 - 2016-11-10 01:47 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-06-26 16:24 - 2016-11-10 01:32 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-06-26 16:24 - 2016-11-10 01:25 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-06-26 16:24 - 2016-10-12 01:02 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-06-26 16:24 - 2016-10-12 01:01 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-06-26 16:24 - 2016-10-12 01:01 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-06-26 16:24 - 2016-10-12 01:01 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-06-26 16:24 - 2016-10-12 01:01 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-06-26 16:24 - 2016-10-12 01:01 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-06-26 16:24 - 2016-10-12 01:01 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-06-26 16:24 - 2016-10-12 01:01 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-06-26 16:24 - 2016-10-12 01:01 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-06-26 16:24 - 2016-10-12 01:01 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-06-26 16:24 - 2016-10-12 01:01 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-06-26 16:24 - 2016-10-12 01:01 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-06-26 16:24 - 2016-10-12 01:01 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-06-26 16:24 - 2016-10-12 00:48 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-06-26 16:24 - 2016-10-12 00:48 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-06-26 16:24 - 2016-10-12 00:48 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-06-26 16:24 - 2016-10-12 00:48 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-06-26 16:24 - 2016-10-12 00:48 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-06-26 16:24 - 2016-10-12 00:25 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-06-26 16:24 - 2016-10-11 23:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-06-26 16:24 - 2016-10-11 22:48 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-06-26 16:24 - 2016-10-11 22:47 - 00419648 _____ C:\Windows\system32\locale.nls
2017-06-26 16:24 - 2016-10-11 22:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-06-26 16:24 - 2016-10-08 22:36 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-06-26 16:24 - 2016-10-06 00:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-06-26 16:24 - 2016-09-16 00:26 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-06-26 16:24 - 2016-09-13 06:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-06-26 16:24 - 2016-09-13 06:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-06-26 16:24 - 2016-09-09 00:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-06-26 16:24 - 2016-08-23 01:49 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-06-26 16:24 - 2016-08-13 01:56 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-06-26 16:24 - 2016-08-07 01:01 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-06-26 16:24 - 2016-08-07 01:01 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-06-26 16:24 - 2016-08-07 01:01 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-06-26 16:24 - 2016-08-07 01:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-06-26 16:24 - 2016-08-07 01:01 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-06-26 16:24 - 2016-08-07 01:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-06-26 16:24 - 2016-08-07 00:45 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-06-26 16:24 - 2016-08-07 00:45 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-06-26 16:24 - 2016-08-07 00:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-06-26 16:24 - 2016-08-07 00:45 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-06-26 16:24 - 2016-08-07 00:45 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-06-26 16:24 - 2016-08-07 00:31 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-06-26 16:24 - 2016-08-07 00:31 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-06-26 16:24 - 2016-08-07 00:23 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-06-26 16:24 - 2016-08-07 00:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-06-26 16:24 - 2016-08-07 00:23 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-06-26 16:24 - 2016-06-15 02:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-06-26 16:24 - 2016-06-15 02:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-06-26 16:24 - 2016-06-15 00:51 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-06-26 16:24 - 2016-06-15 00:51 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-06-26 16:24 - 2016-06-15 00:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-06-26 16:24 - 2016-06-15 00:51 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-06-26 16:24 - 2016-06-15 00:51 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-06-26 16:24 - 2016-06-15 00:51 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-06-26 16:24 - 2016-06-15 00:45 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-06-26 16:24 - 2016-05-12 22:35 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-06-26 16:24 - 2016-05-12 22:34 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-06-26 16:22 - 2017-06-26 16:22 - 00000000 ____D C:\Users\c1admin\AppData\Roaming\Adobe
2017-06-26 15:56 - 2016-04-09 13:50 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-06-26 15:56 - 2016-04-09 13:22 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-06-26 15:56 - 2015-12-09 07:24 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-06-26 15:56 - 2015-12-09 07:24 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-06-26 15:56 - 2015-12-09 07:23 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-06-26 15:56 - 2015-12-09 07:23 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-06-26 15:56 - 2015-12-09 07:23 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2017-06-26 15:56 - 2015-12-09 04:37 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-06-26 15:56 - 2015-12-09 04:37 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-06-26 15:56 - 2015-12-09 04:37 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-06-26 15:56 - 2015-12-09 04:37 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2017-06-26 15:56 - 2015-12-09 04:36 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-06-26 15:56 - 2013-10-14 17:30 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2017-06-26 15:53 - 2016-04-14 23:19 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-06-26 15:53 - 2016-04-14 22:51 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-06-26 15:52 - 2015-07-31 03:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-06-26 15:52 - 2015-07-31 03:27 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2017-06-26 15:51 - 2017-06-26 15:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2017-06-26 15:51 - 2017-06-26 15:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2017-06-26 15:51 - 2017-06-26 15:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-06-26 15:51 - 2017-06-26 15:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-06-26 15:42 - 2017-07-17 02:41 - 00000075 _____ C:\Windows\system32\p
2017-06-26 15:42 - 2017-07-13 07:27 - 00000060 _____ C:\Windows\system32\s
2017-06-26 14:57 - 2017-06-30 08:35 - 00783128 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-06-26 14:17 - 2017-07-13 07:20 - 00000000 ____D C:\Windows\system32\MRT
2017-06-26 14:05 - 2017-06-26 14:05 - 00007604 _____ C:\Users\c1admin\AppData\Local\Resmon.ResmonCfg
2017-06-26 13:59 - 2013-10-02 11:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-06-26 13:59 - 2013-10-02 11:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-06-26 13:59 - 2013-10-02 11:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-06-26 13:59 - 2013-10-02 11:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-06-26 13:59 - 2013-10-02 11:18 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-06-26 13:59 - 2013-10-02 10:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-06-26 13:59 - 2013-10-02 09:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-06-26 13:59 - 2013-10-02 09:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-06-26 13:59 - 2013-10-02 09:01 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-06-26 13:59 - 2013-10-02 08:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-06-26 13:57 - 2017-06-26 13:57 - 00000005 _____ C:\Windows\system32\1.txt
2017-06-26 13:54 - 2012-03-01 16:16 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2017-06-26 13:54 - 2012-03-01 15:58 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2017-06-26 13:54 - 2012-03-01 14:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2017-06-26 13:53 - 2012-07-26 14:25 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2017-06-26 13:53 - 2012-07-26 12:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2017-06-26 13:53 - 2012-06-03 00:05 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2017-06-26 13:47 - 2012-07-26 12:38 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2017-06-26 13:47 - 2012-07-26 12:38 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2017-06-26 13:47 - 2012-07-26 12:38 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2017-06-26 13:47 - 2012-07-26 12:38 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2017-06-26 13:47 - 2012-07-26 12:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2017-06-26 13:47 - 2012-07-26 11:56 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2017-06-26 13:47 - 2012-07-26 11:56 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2017-06-26 13:47 - 2012-06-03 00:27 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2017-06-26 13:35 - 2013-01-14 06:47 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:47 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 06:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-06-26 13:35 - 2013-01-14 05:50 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-06-26 13:35 - 2013-01-14 05:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2017-06-26 13:35 - 2013-01-14 05:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2017-06-26 13:35 - 2013-01-14 05:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2017-06-26 13:35 - 2013-01-14 05:19 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-06-26 13:35 - 2013-01-14 05:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2017-06-26 13:35 - 2013-01-14 05:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2017-06-26 13:35 - 2013-01-14 05:08 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-06-26 13:35 - 2013-01-14 05:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-06-26 13:35 - 2013-01-14 04:55 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2017-06-26 13:35 - 2013-01-14 04:50 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-06-26 13:35 - 2013-01-14 04:50 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-06-26 13:35 - 2013-01-14 04:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2017-06-26 13:35 - 2013-01-14 03:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2017-06-26 13:35 - 2013-01-14 02:56 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2017-06-26 13:35 - 2013-01-14 02:35 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2017-06-26 13:30 - 2016-07-23 00:28 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-06-26 13:30 - 2016-07-23 00:21 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-06-26 13:30 - 2016-01-09 04:26 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2017-06-26 13:30 - 2016-01-09 04:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassam.dll
2017-06-26 13:30 - 2015-12-17 04:23 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-06-26 13:30 - 2015-12-17 04:23 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-06-26 13:30 - 2015-12-17 04:23 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-06-26 13:30 - 2015-12-17 04:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-06-26 13:30 - 2015-12-17 04:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-06-26 13:30 - 2015-12-17 04:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-06-26 13:30 - 2015-06-10 05:04 - 00565760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-06-26 13:30 - 2015-06-10 03:33 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-06-26 13:30 - 2015-04-14 12:57 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\EsdSip.dll
2017-06-26 13:30 - 2015-04-14 12:35 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EsdSip.dll
2017-06-26 13:30 - 2012-11-02 15:31 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-26 13:30 - 2012-11-02 15:30 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2017-06-26 13:30 - 2012-11-02 14:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-26 13:30 - 2012-07-05 05:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2017-06-26 13:28 - 2016-07-08 00:38 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-06-26 13:28 - 2016-02-04 03:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2017-06-26 13:28 - 2015-08-06 03:26 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-06-26 13:28 - 2015-08-06 02:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-06-26 13:28 - 2015-07-15 12:49 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2017-06-26 13:28 - 2013-08-05 11:55 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2017-06-26 13:28 - 2013-07-03 13:35 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2017-06-26 13:28 - 2013-07-03 13:35 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2017-06-26 13:28 - 2012-03-17 17:28 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2017-06-26 13:27 - 2016-02-06 04:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2017-06-26 13:27 - 2016-02-06 03:03 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2017-06-26 13:27 - 2015-12-09 07:23 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-06-26 13:27 - 2015-12-09 04:37 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-06-26 13:27 - 2015-07-10 03:28 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-06-26 13:27 - 2015-07-10 03:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2017-06-26 13:27 - 2015-07-10 03:12 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-06-26 13:27 - 2015-07-10 03:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2017-06-26 13:27 - 2015-04-11 12:49 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2017-06-26 13:27 - 2014-12-19 12:36 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2017-06-26 13:27 - 2014-03-04 19:14 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2017-06-26 13:27 - 2014-03-04 19:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2017-06-26 13:27 - 2014-03-04 19:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2017-06-26 13:27 - 2014-03-04 19:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2017-06-26 13:27 - 2014-03-04 19:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2017-06-26 13:27 - 2014-03-04 19:13 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2017-06-26 13:27 - 2014-03-04 19:13 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2017-06-26 13:27 - 2014-03-04 18:47 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2017-06-26 13:27 - 2014-03-04 18:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2017-06-26 13:27 - 2014-03-04 18:47 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2017-06-26 13:27 - 2014-03-04 18:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2017-06-26 13:27 - 2014-03-04 18:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2017-06-26 13:27 - 2014-03-04 18:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2017-06-26 13:27 - 2014-03-04 18:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2017-06-26 13:27 - 2013-10-19 11:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2017-06-26 13:27 - 2013-10-19 11:06 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2017-06-26 13:27 - 2013-04-26 09:00 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2017-06-26 13:27 - 2013-04-01 08:22 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-06-26 13:27 - 2013-02-12 13:42 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2017-06-26 13:27 - 2012-10-10 03:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2017-06-26 13:27 - 2012-10-10 03:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2017-06-26 13:27 - 2012-10-10 03:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2017-06-26 13:27 - 2012-10-10 03:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2017-06-26 13:27 - 2012-08-22 06:31 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2017-06-26 13:26 - 2016-05-12 02:32 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-06-26 13:26 - 2016-05-12 00:49 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-06-26 13:26 - 2016-03-17 04:20 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-06-26 13:26 - 2016-03-17 03:58 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-06-26 13:26 - 2016-03-17 03:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-06-26 13:26 - 2015-10-30 03:20 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-06-26 13:26 - 2015-10-30 03:20 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2017-06-26 13:26 - 2015-10-30 03:20 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2017-06-26 13:26 - 2015-10-30 03:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2017-06-26 13:26 - 2015-10-30 03:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2017-06-26 13:26 - 2015-10-30 03:19 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-06-26 13:26 - 2015-10-30 03:19 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2017-06-26 13:26 - 2015-08-28 03:48 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-06-26 13:26 - 2015-08-28 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2017-06-26 13:26 - 2015-08-28 03:28 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-06-26 13:26 - 2015-08-28 03:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2017-06-26 13:26 - 2015-06-04 05:52 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-06-26 13:26 - 2015-06-04 05:47 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-06-26 13:26 - 2015-04-13 12:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2017-06-26 13:26 - 2014-12-08 12:39 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2017-06-26 13:26 - 2014-12-08 12:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2017-06-26 13:26 - 2014-09-04 14:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-06-26 13:26 - 2014-09-04 14:34 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-06-26 13:26 - 2014-06-19 07:53 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2017-06-26 13:26 - 2014-06-19 07:53 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2017-06-26 13:26 - 2014-06-19 07:53 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2017-06-26 13:26 - 2014-06-19 07:53 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2017-06-26 13:26 - 2014-06-19 07:53 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2017-06-26 13:26 - 2014-06-19 07:53 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2017-06-26 13:26 - 2013-10-12 12:00 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-06-26 13:26 - 2013-10-12 11:59 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-06-26 13:26 - 2013-10-12 11:59 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2017-06-26 13:26 - 2013-10-12 11:33 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2017-06-26 13:26 - 2013-10-12 11:31 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2017-06-26 13:26 - 2013-06-26 08:25 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2017-06-26 13:26 - 2013-05-13 15:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2017-06-26 13:26 - 2013-05-13 13:13 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-06-26 13:26 - 2013-05-13 12:38 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-26 13:26 - 2013-05-13 12:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2017-06-26 13:26 - 2012-10-04 03:14 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2017-06-26 13:26 - 2012-10-04 02:12 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2017-06-26 13:26 - 2012-01-04 20:14 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2017-06-26 13:26 - 2012-01-04 18:28 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2017-06-26 13:26 - 2011-06-16 15:19 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2017-06-26 13:26 - 2011-06-16 14:03 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2017-06-26 13:25 - 2015-11-12 04:23 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-06-26 13:25 - 2015-11-12 04:23 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-06-26 13:25 - 2015-11-12 04:09 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-06-26 13:25 - 2015-11-12 04:09 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-06-26 13:25 - 2015-07-23 09:32 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-06-26 13:25 - 2015-07-23 03:23 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-06-26 13:25 - 2015-05-26 03:49 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-06-26 13:25 - 2015-05-26 03:48 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-06-26 13:25 - 2015-05-26 03:48 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-06-26 13:25 - 2015-05-26 03:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-06-26 13:25 - 2015-05-26 03:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-06-26 13:25 - 2015-05-26 03:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-06-26 13:25 - 2015-05-26 03:31 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-06-26 13:25 - 2015-05-26 03:30 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-06-26 13:25 - 2015-05-26 03:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-06-26 13:25 - 2015-05-26 03:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-06-26 13:25 - 2015-05-26 03:30 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-06-26 13:25 - 2015-05-26 03:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-06-26 13:25 - 2015-04-25 03:47 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2017-06-26 13:25 - 2015-04-25 03:26 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2017-06-26 13:25 - 2012-11-02 15:29 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2017-06-26 13:25 - 2012-11-02 14:41 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-06-26 13:25 - 2011-10-20 14:52 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\DfsRes.dll
2017-06-26 13:25 - 2011-10-20 13:44 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DfsRes.dll
2017-06-26 13:25 - 2011-09-07 15:09 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\sisbkup.dll
2017-06-26 13:25 - 2011-09-07 14:00 - 00019456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sisbkup.dll
2017-06-26 13:24 - 2016-05-12 02:32 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-06-26 13:24 - 2016-05-12 02:32 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-06-26 13:24 - 2016-05-12 02:32 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-06-26 13:24 - 2016-05-12 00:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-06-26 13:24 - 2016-05-12 00:49 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-06-26 13:24 - 2016-05-12 00:49 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-06-26 13:24 - 2016-05-12 00:41 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-06-26 13:24 - 2016-05-12 00:31 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-06-26 13:24 - 2016-05-12 00:28 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-06-26 13:24 - 2016-01-21 10:21 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-06-26 13:24 - 2015-11-14 08:39 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-06-26 13:24 - 2015-11-14 08:39 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-06-26 13:24 - 2015-11-14 08:38 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-06-26 13:24 - 2015-11-14 08:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2017-06-26 13:24 - 2015-11-14 08:20 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2017-06-26 13:24 - 2015-11-14 08:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2017-06-26 13:24 - 2015-11-06 04:35 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2017-06-26 13:24 - 2015-11-06 04:32 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2017-06-26 13:24 - 2015-11-05 19:23 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-06-26 13:24 - 2015-11-04 04:34 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-06-26 13:24 - 2015-11-04 04:25 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2017-06-26 13:24 - 2015-07-10 03:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2017-06-26 13:24 - 2015-07-10 03:12 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2017-06-26 13:24 - 2015-03-04 14:11 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2017-06-26 13:24 - 2015-03-04 13:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2017-06-26 13:24 - 2014-12-06 13:47 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2017-06-26 13:24 - 2014-12-06 13:20 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2017-06-26 13:24 - 2014-12-06 13:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2017-06-26 13:24 - 2014-07-17 11:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-06-26 13:24 - 2014-07-17 11:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2017-06-26 13:24 - 2014-07-17 11:37 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2017-06-26 13:24 - 2014-07-17 11:10 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2017-06-26 13:24 - 2014-07-17 10:51 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2017-06-26 13:24 - 2014-06-18 11:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2017-06-26 13:24 - 2014-06-18 11:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2017-06-26 13:24 - 2013-10-12 12:02 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2017-06-26 13:24 - 2013-10-12 12:01 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2017-06-26 13:24 - 2013-10-12 11:34 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2017-06-26 13:24 - 2013-10-12 11:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2017-06-26 13:24 - 2013-10-12 11:03 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2017-06-26 13:24 - 2013-10-12 11:03 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2017-06-26 13:24 - 2013-10-12 10:45 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-06-26 13:24 - 2013-10-12 10:45 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-06-26 13:24 - 2013-07-26 11:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-06-26 13:24 - 2013-07-26 11:25 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-06-26 13:24 - 2012-10-04 03:14 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2017-06-26 13:24 - 2012-10-04 03:14 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2017-06-26 13:24 - 2012-07-05 07:46 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2017-06-26 13:24 - 2012-07-05 07:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2017-06-26 13:24 - 2012-07-05 07:43 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2017-06-26 13:24 - 2012-07-05 06:46 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2017-06-26 13:24 - 2012-07-05 06:44 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2017-06-26 13:24 - 2012-04-26 15:11 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2017-06-26 13:24 - 2012-04-26 15:04 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2017-06-26 13:23 - 2016-06-26 09:57 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-06-26 13:23 - 2016-06-26 05:23 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-06-26 13:23 - 2016-06-26 05:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-06-26 13:23 - 2016-06-26 05:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-06-26 13:23 - 2015-10-13 14:27 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-26 13:23 - 2014-11-11 12:38 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2017-06-26 13:23 - 2014-11-11 12:14 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2017-06-26 13:23 - 2013-05-10 15:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2017-06-26 13:23 - 2013-05-10 12:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2017-06-26 13:23 - 2011-12-30 15:56 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2017-06-26 13:23 - 2011-12-30 14:57 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2017-06-26 13:22 - 2016-05-13 02:45 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-06-26 13:22 - 2016-05-13 02:44 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-06-26 13:22 - 2016-05-13 02:44 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-06-26 13:22 - 2016-05-13 02:44 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-06-26 13:22 - 2016-05-13 02:44 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-06-26 13:22 - 2016-05-13 02:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-06-26 13:22 - 2016-05-13 02:44 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-06-26 13:22 - 2016-05-13 02:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2017-06-26 13:22 - 2016-05-13 00:48 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-06-26 13:22 - 2016-05-13 00:48 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-06-26 13:22 - 2016-05-13 00:48 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-06-26 13:22 - 2016-05-13 00:48 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-06-26 13:22 - 2016-05-13 00:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-06-26 13:22 - 2016-05-13 00:36 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2017-06-26 13:22 - 2016-05-13 00:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2017-06-26 13:22 - 2016-05-13 00:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2017-06-26 13:22 - 2016-03-10 04:30 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-06-26 13:22 - 2016-03-10 04:10 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-06-26 13:22 - 2015-02-03 13:01 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2017-06-26 13:22 - 2015-02-03 12:42 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2017-06-26 13:22 - 2014-10-25 11:27 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2017-06-26 13:22 - 2014-10-25 11:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2017-06-26 13:22 - 2014-08-01 21:23 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2017-06-26 13:22 - 2014-08-01 21:05 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2017-06-26 13:22 - 2014-01-29 12:02 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-06-26 13:22 - 2014-01-29 11:36 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-06-26 13:22 - 2013-12-04 11:57 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2017-06-26 13:22 - 2013-12-04 11:57 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2017-06-26 13:22 - 2013-12-04 11:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2017-06-26 13:22 - 2013-12-04 11:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2017-06-26 13:22 - 2013-12-04 11:56 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2017-06-26 13:22 - 2013-12-04 11:46 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2017-06-26 13:22 - 2013-12-04 11:46 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2017-06-26 13:22 - 2013-12-04 11:46 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2017-06-26 13:22 - 2013-12-04 11:46 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2017-06-26 13:22 - 2013-12-04 11:33 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2017-06-26 13:22 - 2013-12-04 11:33 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2017-06-26 13:22 - 2013-12-04 11:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2017-06-26 13:22 - 2013-12-04 11:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2017-06-26 13:22 - 2013-12-04 11:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2017-06-26 13:22 - 2013-12-04 11:24 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2017-06-26 13:22 - 2013-12-04 11:24 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2017-06-26 13:22 - 2013-12-04 11:24 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2017-06-26 13:22 - 2013-12-04 11:24 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2017-06-26 13:22 - 2013-10-30 12:02 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2017-06-26 13:22 - 2013-10-30 11:49 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2017-06-26 13:22 - 2013-10-04 11:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2017-06-26 13:22 - 2013-10-04 11:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2017-06-26 13:22 - 2013-10-04 11:28 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2017-06-26 13:22 - 2013-10-04 11:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2017-06-26 13:22 - 2012-11-23 12:43 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2017-06-26 13:22 - 2011-03-11 16:11 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2017-06-26 13:22 - 2011-03-11 16:11 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2017-06-26 13:22 - 2011-03-11 16:11 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2017-06-26 13:22 - 2011-03-11 16:11 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2017-06-26 13:22 - 2011-03-11 16:11 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2017-06-26 13:22 - 2011-03-11 16:03 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2017-06-26 13:22 - 2011-03-11 16:00 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2017-06-26 13:22 - 2011-03-11 15:03 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2017-06-26 13:22 - 2011-03-11 15:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2017-06-26 13:22 - 2011-02-18 20:21 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2017-06-26 13:22 - 2011-02-18 15:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2017-06-26 13:21 - 2016-02-09 19:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-06-26 13:21 - 2015-08-06 03:26 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2017-06-26 13:21 - 2014-10-14 11:43 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2017-06-26 13:21 - 2014-02-04 12:05 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-06-26 13:21 - 2014-02-04 12:05 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-26 13:21 - 2014-02-04 12:05 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2017-06-26 13:21 - 2014-02-04 11:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2017-06-26 13:21 - 2014-02-04 11:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2017-06-26 13:02 - 2012-02-17 16:08 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-06-26 13:02 - 2012-02-17 15:04 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-06-26 13:02 - 2012-02-17 14:27 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2017-06-26 12:58 - 2017-06-26 12:58 - 00000000 ____D C:\Users\c1admin\AppData\LocalLow\Sun
2017-06-26 12:45 - 2017-06-26 12:45 - 00066328 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2017-06-26 12:45 - 2017-06-26 12:45 - 00000000 ____D C:\Program Files\Common Files\Webroot
2017-06-26 12:36 - 2017-07-17 14:08 - 00138576 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2017-06-26 12:36 - 2017-07-17 11:48 - 00000000 ____D C:\ProgramData\WRData
2017-06-26 12:36 - 2017-06-26 12:45 - 00184752 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-06-26 12:36 - 2017-06-26 12:45 - 00118376 _____ (Webroot) C:\Windows\system32\WRusr.dll
2017-06-26 12:36 - 2017-06-26 12:36 - 00000000 ____D C:\TempPath
2017-06-26 12:36 - 2017-06-26 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2017-06-26 12:36 - 2017-06-26 12:36 - 00000000 ____D C:\Program Files (x86)\Webroot
2017-06-26 12:34 - 2017-07-17 14:28 - 00000000 ____D C:\_calibreone
2017-06-26 12:03 - 2017-07-17 02:40 - 300981569 _____ C:\Windows\MEMORY.DMP
2017-06-26 12:03 - 2017-07-17 02:40 - 00000000 ____D C:\Windows\Minidump
2017-06-26 12:03 - 2017-06-26 12:03 - 00289984 _____ C:\Windows\Minidump\062617-11372-01.dmp
2017-06-26 11:39 - 2017-06-26 11:39 - 00000000 ____H C:\Users\c1admin\Documents\Default.rdp
2017-06-25 13:08 - 2017-06-26 15:48 - 00058016 _____ C:\Users\c1admin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-25 13:08 - 2017-06-25 13:08 - 00000000 ____D C:\Users\c1admin\avscc_settings
2017-06-25 13:08 - 2017-06-25 13:08 - 00000000 ____D C:\Users\c1admin\AppData\Roaming\Avamar
2017-06-25 13:07 - 2017-07-17 08:27 - 00000000 ____D C:\Users\c1admin\AppData\Local\VirtualStore
2017-06-25 13:07 - 2017-07-12 15:29 - 00000000 ____D C:\Users\c1admin
2017-06-25 13:07 - 2017-06-26 16:22 - 00001417 _____ C:\Users\c1admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-25 13:07 - 2017-06-25 13:07 - 00000020 ___SH C:\Users\c1admin\ntuser.ini
2017-06-25 12:11 - 2017-06-25 12:11 - 00000000 ____D C:\Windows\BLTemp
2017-06-25 11:56 - 2017-07-12 15:44 - 00000000 ____D C:\temp
2017-06-25 11:56 - 2017-06-25 11:56 - 00000000 ____D C:\tmp
2017-06-25 11:44 - 2017-06-25 11:44 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-06-25 11:44 - 2017-06-25 11:44 - 00000000 ____D C:\Users\Administrator
2017-06-25 11:40 - 2017-06-25 11:40 - 00000020 ___SH C:\Users\BladeLogicRSCD.U1635722000017\ntuser.ini
2017-06-25 11:40 - 2017-06-25 11:40 - 00000000 ____D C:\Users\BladeLogicRSCD.U1635722000017
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-17 11:42 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\Help
2017-07-17 08:45 - 2009-07-14 14:19 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-17 08:45 - 2009-07-14 14:19 - 00016624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-17 02:50 - 2009-07-14 14:40 - 00774296 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-17 02:50 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\inf
2017-07-17 02:43 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\system32\inetsrv
2017-07-17 02:41 - 2009-07-14 14:36 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-17 02:41 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\Registration
2017-07-14 14:39 - 2011-02-02 17:20 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-13 08:04 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\rescache
2017-07-13 07:27 - 2009-07-14 14:19 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-12 03:18 - 2013-03-21 13:15 - 00001306 __RSH C:\ProgramData\ntuser.pol
2017-06-26 16:56 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-06-26 16:42 - 2009-07-14 14:37 - 00000000 ____D C:\Windows\system32\ServerManager
2017-06-26 16:40 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\system32\ias
2017-06-26 16:40 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\security
2017-06-26 16:34 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-06-26 16:33 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\system32\Dism
2017-06-26 16:33 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-06-26 15:38 - 2009-07-14 12:50 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-06-25 11:38 - 2011-02-03 00:08 - 00000000 ____D C:\Windows\Panther
 
==================== Files in the root of some directories =======
 
2017-06-26 14:05 - 2017-06-26 14:05 - 0007604 _____ () C:\Users\c1admin\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-12 00:34
 
==================== End of FRST.txt ============================
 
+++++++++++++++++++++++ADDITION.TXT++++++++++++++++++++++++++
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by c1admin (17-07-2017 14:35:00)
Running from C:\_calibreone
Windows Server 2008 R2 Enterprise Service Pack 1 (X64) (2017-06-25 02:10:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3668615208-2999039653-3526226260-500 - Administrator - Enabled) => C:\Users\Administrator
BladeLogicRSCD (S-1-5-21-3668615208-2999039653-3526226260-1003 - Limited - Enabled) => C:\Users\BladeLogicRSCD.U1635722000017
c1admin (S-1-5-21-3668615208-2999039653-3526226260-1004 - Administrator - Enabled) => C:\Users\c1admin
c1admin2 (S-1-5-21-3668615208-2999039653-3526226260-1006 - Administrator - Enabled)
C1_Monitoring (S-1-5-21-3668615208-2999039653-3526226260-1005 - Administrator - Enabled) => C:\Users\C1_Monitoring
Guest (S-1-5-21-3668615208-2999039653-3526226260-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
BMC Server Automation RSCD Agent (HKLM\...\{E26275BD-225F-4530-B307-EADA6AF36747}) (Version: 8.3.03.82 - BMC Software, Inc.)
EMC Avamar for Windows (HKLM\...\{F25CD72F-FB1E-40AB-A033-7F9DA37D3756}) (Version: 7.0.101.61 - EMC Avamar Irvine,CA,USA 949-743-5100)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
VMware Tools (HKLM\...\{4668E06F-77AF-4F70-8EC7-E85BBF442B3F}) (Version: 8.6.10.18555 - VMware, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\{98C3BECF-DD5F-44D2-8EF3-48A980917182}) (Version: 9.12.52 - Webroot)
Windows Agent (HKLM-x32\...\{7DC0BE05-4F7C-4E30-893F-C892D1641844}) (Version: 11.0.11042 - N-able Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers01: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers01: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers01: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-06-26] (Webroot)
ContextMenuHandlers06: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers06: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers06: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-06-26] (Webroot)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {614E7E75-0967-467B-89E6-6EA1F845801B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {7D961DEB-E024-4A30-AD0C-0D6E8F3B64C1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {E31D9B16-210F-4A68-8BE2-2D510C070063} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI_ActiveScriptEventConsumer_bleepyoumm2_consumer: <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-13 05:23 - 2014-02-13 05:23 - 01033216 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\log4c.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00121344 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\gx64krb5.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00401920 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\blsrp.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00010752 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\BLerrors.dll
2012-11-17 08:18 - 2012-11-17 08:18 - 00077824 _____ () C:\Program Files\VMware\VMware Tools\sigc-2.0.dll
2012-11-17 08:18 - 2012-11-17 08:18 - 00780440 _____ () C:\Program Files\VMware\VMware Tools\glibmm-2.4.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00531456 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\RSCD.exe
2014-02-13 05:23 - 2014-02-13 05:23 - 00329216 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\bladmin.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00074752 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\libhsreg.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00586240 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\commonutil.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00011776 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\blgac.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 02041856 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\libagentrpc.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00140288 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\rpccommon.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00871936 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\daalcore.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00007680 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\blinexclude.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00115200 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\xmlrpc.dll
2014-02-13 05:23 - 2014-02-13 05:23 - 00942592 _____ () C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\iconv64.dll
2017-07-17 14:17 - 2017-07-17 14:16 - 00165376 _____ () C:\_calibreone\SystemLook_x64.exe
2013-05-14 00:12 - 2013-05-14 00:12 - 00107520 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\ZLIB1.DLL
2016-09-21 09:15 - 2016-09-21 09:15 - 00662333 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\TURBOJPEG.DLL
2017-05-04 12:37 - 2017-05-04 12:37 - 00491520 _____ () C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\SnmpComp.dll
2017-06-14 02:53 - 2017-06-14 02:53 - 00280256 _____ () C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcCnfgEN.dll
2017-07-17 10:07 - 2016-09-13 14:00 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-07-17 10:07 - 2016-09-13 14:00 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-07-17 10:07 - 2016-09-13 14:00 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-07-17 10:07 - 2017-05-12 11:36 - 00507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Maintenance Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3668615208-2999039653-3526226260-1004\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3668615208-2999039653-3526226260-1004\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 12:04 - 2017-06-26 16:48 - 00006481 _____ C:\Windows\system32\Drivers\etc\hosts
 
58.162.77.27 smtp.vic.svc.cloud.telstra.com58.162.73.4 tsbava09un01.tsb.avamar.com.au tsbava09un01
58.162.73.5 tsbava10un01.tsb.avamar.com.au tsbava10un01
58.162.73.6 tsbava11un01.tsb.avamar.com.au tsbava11un01
58.162.73.7 tsbava12un01.tsb.avamar.com.au tsbava12un01
58.162.73.8 tsbava13un01.tsb.avamar.com.au tsbava13un01
58.162.73.9 tsbava14un01.tsb.avamar.com.au tsbava14un01
58.162.73.10 tsbava15un01.tsb.avamar.com.au tsbava15un01
58.162.73.11 tsbava16un01.tsb.avamar.com.au tsbava16un01
58.162.73.12 tsbava17un01.tsb.avamar.com.au tsbava17un01
58.162.73.13 tsbava18un01.tsb.avamar.com.au tsbava18un01
58.162.73.14 tsbava19un01.tsb.avamar.com.au tsbava19un01
58.162.73.15 tsbava20un01.tsb.avamar.com.au tsbava20un01
58.162.73.16 tsbava21un01.tsb.avamar.com.au tsbava21un01
58.162.73.254 tsbdd01.tsb.avamar.com.au tsbdd01
58.162.73.253 tsbdd02.tsb.avamar.com.au tsbdd0258.162.72.4 stlava01un01.tsb.avamar.com.au stlava01un01
58.162.72.21 stlava02un01.tsb.avamar.com.au stlava02un01
58.162.72.38 stlava03un01.tsb.avamar.com.au stlava03un01
58.162.72.39 stlava04un01.tsb.avamar.com.au stlava04un01
58.162.72.40 stlava05un01.tsb.avamar.com.au stlava05un01
58.162.72.41 stlava06un01.tsb.avamar.com.au stlava06un01
58.162.72.42 stlava07un01.tsb.avamar.com.au stlava07un01
58.162.72.43 stlava08un01.tsb.avamar.com.au stlava08un01
58.162.72.44 stlava09un01.tsb.avamar.com.au stlava09un01
58.162.72.45 stlava10un01.tsb.avamar.com.au stlava10un01
58.162.72.46 stlava11un01.tsb.avamar.com.au stlava11un01
58.162.72.47 stlava12un01.tsb.avamar.com.au stlava12un01
58.162.72.48 stlava13un01.tsb.avamar.com.au stlava13un01
58.162.72.49 stlava14un01.tsb.avamar.com.au stlava14un01
58.162.72.253 stldd01.tsb.avamar.com.au stldd0158.162.75.4 dcbava06un01.dcb.avamar.com.au dcbava06un01
58.162.75.5 dcbava07un01.dcb.avamar.com.au dcbava07un01
 
There are 91 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3668615208-2999039653-3526226260-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.10.10 - 139.130.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [{10995707-BCF9-4C5C-8739-D8DA43B16394}] => (Allow) C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\RSCD.exe
FirewallRules: [{8FEDDD37-B51A-463F-B406-AB19B762A039}] => (Allow) C:\Program Files\BMC Software\BladeLogic\8.1\RSCD\RSCD.exe
FirewallRules: [{3DB325C8-1917-4A01-9CD5-C48A8E17DFF4}] => (Allow) C:\Program Files\avs\bin\avagent.exe
FirewallRules: [{4FAFC2B9-AB11-46C7-94BF-9A612EF8F03B}] => (Allow) C:\Program Files\avs\bin\avagent.exe
FirewallRules: [{E80255AD-8CF9-4ABE-AA39-94BDDD273891}] => (Allow) C:\Program Files\avs\bin\avagent.exe
FirewallRules: [{42461DFE-3CEE-4296-94DB-9228194CF758}] => (Allow) C:\Program Files\avs\bin\avagent.exe
FirewallRules: [{08150A75-FCC7-4A7A-B7A8-F83671BAF96D}] => (Block) LPort=445
FirewallRules: [Remrras-In-RPC] => (Allow) %systemroot%\system32\remrras.exe
FirewallRules: [RQS-In-TCP] => (Allow) %systemroot%\system32\rqs.exe
FirewallRules: [Smtpsvc-Service-In-TCP] => (Allow) %windir%\system32\inetsrv\inetinfo.exe
FirewallRules: [{FF0D18DD-FABA-49BC-982C-81A575C21C1E}] => (Allow) LPort=266
FirewallRules: [{65BF5A78-4F6D-4520-A51C-5CD3603D1DCA}] => (Allow) LPort=3391
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/15/2017 05:19:00 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\windows\help\lsmo.exe".Error in manifest or policy file "C:\windows\help\lsmo.exe" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2017 12:44:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\WINDOWS\tasksche.exe".Error in manifest or policy file "C:\WINDOWS\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2017 12:36:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\WINDOWS\tasksche.exe".Error in manifest or policy file "C:\WINDOWS\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2017 12:28:57 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\WINDOWS\tasksche.exe".Error in manifest or policy file "C:\WINDOWS\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2017 11:41:29 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\WINDOWS\tasksche.exe".Error in manifest or policy file "C:\WINDOWS\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2017 11:40:45 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\WINDOWS\tasksche.exe".Error in manifest or policy file "C:\WINDOWS\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (06/26/2017 11:40:31 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\WINDOWS\tasksche.exe".Error in manifest or policy file "C:\WINDOWS\tasksche.exe" on line 0.
Invalid Xml syntax.
 
Error: (06/25/2017 11:38:23 AM) (Source: COM+) (EventID: 4691) (User: )
Description: The run-time environment was unable to initialize for transactions required to support transactional components. Make sure that MS-DTC is running. (DtcGetTransactionManagerEx(): hr = 0x8004d027)
 
Error: (06/25/2017 11:38:23 AM) (Source: MSDTC) (EventID: 4427) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: hr = 0x80004005, d:\w7rtm\com\complus\dtc\dtc\msdtcprx\src\dtcinit.cpp:571, CmdLine: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}, Pid: 1900
 
 
System errors:
=============
Error: (07/17/2017 05:43:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/17/2017 02:44:06 AM) (Source: RemoteAccess) (EventID: 20106) (User: )
Description: Unable to add the interface Internal with the Router Manager for the IPV6 protocol. The following error occurred: The parameter is incorrect.
 
Error: (07/17/2017 02:41:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
IfkJgGiz
 
Error: (07/17/2017 02:41:01 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff88005237268, 0xfffff88005236ad0, 0xfffff80001ae05aa). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071717-12308-01.
 
Error: (07/17/2017 02:41:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:38:58 AM on ‎17/‎07/‎2017 was unexpected.
 
Error: (07/16/2017 02:39:34 PM) (Source: RemoteAccess) (EventID: 20106) (User: )
Description: Unable to add the interface Internal with the Router Manager for the IPV6 protocol. The following error occurred: The parameter is incorrect.
 
Error: (07/16/2017 02:36:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
IfkJgGiz
 
Error: (07/16/2017 02:36:44 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x00000000001904fb, 0xfffff8800511b268, 0xfffff8800511aad0, 0xfffff80001ac55aa). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071617-10249-01.
 
Error: (07/16/2017 02:36:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:34:58 PM on ‎16/‎07/‎2017 was unexpected.
 
Error: (07/16/2017 11:35:54 AM) (Source: RemoteAccess) (EventID: 20106) (User: )
Description: Unable to add the interface Internal with the Router Manager for the IPV6 protocol. The following error occurred: The parameter is incorrect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E7- 2860 @ 2.27GHz
Percentage of memory in use: 73%
Total physical RAM: 2047.55 MB
Available physical RAM: 537.67 MB
Total Virtual: 4095.11 MB
Available Virtual: 2315.68 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:39.9 GB) (Free:15.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 40 GB) (Disk ID: F62B2379)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,424 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:04 PM

Posted 20 July 2017 - 03:50 PM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. We don't typically work on Servers but let's see what we can do.

Are you aware of these Group Policy Restrictions?

GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{c9111437-5d34-4696-a3c4-a74ced1d99f9} <==== ATTENTION (Restriction - IP)


-----

We have a bit of work to do. Please do these things.

===================================================

Deleting ActiveScriptEventConsumer Task

--------------------
  • Hit the Windows Key + E at the same time
  • Navigate to and left click on the C:\Windows\System32 folder
  • On the right side locate wbemtest.exe, right click on the file and select Run as administrator
  • Click Connect
  • In the Namespace filed type root\subscription
  • Click Connect
  • Check Enable All Privileges checkbox then click Enum Instances
  • On the Class Info screen type ActiveScriptEventConsumer, check Immediate only, then click OK
  • On the Query Result you should see ActiveScriptEventConsumer.Name=**profanity**youmm2 or something similar
  • Please take a screen shot of this window and save it to your Desktop
  • Left click on the ActiveScriptEventConsumer.Name=**profanity**youmm2 entry then select Delete
  • Upload the screen shot that was saved on your Desktop here
  • Monitor your computer for Task activities
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CloseProcesses:
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
HKU\S-1-5-21-3668615208-2999039653-3526226260-1004\Software\Classes\exefile: "%1" %* <==== ATTENTION
HKU\S-1-5-21-3668615208-2999039653-3526226260-1004\Software\Classes\.exe: exefile => "%1" %* <==== ATTENTION
File: C:\Windows\system32\p
File: C:\Windows\system32\s
End::
  • Click Fix
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook for either 64 bit or 32 bit systems and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
lsmo.exe
*IfkJgGiz*
:regfind
lsmo.exe
*IfkJgGiz*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please copy and paste the report contents in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Recognize Policy restrictions?
  • Were you able to delete ActiveScriptEvent?
  • Uploaded Screen Shot
  • Fixlog
  • SystemLook report
  • Update on computer behavior - Task activity?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,424 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:04 PM

Posted 23 July 2017 - 07:08 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,424 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:04 PM

Posted 26 July 2017 - 11:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users