Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

STOP: C0000135 The program can't start because %hs is missing.


  • This topic is locked This topic is locked
2 replies to this topic

#1 patsok

patsok

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 28 June 2018 - 01:04 PM

Hi everyone,

When I restarted my PC today I've got blue screen that says: "STOP: C0000135 The program can't start because %hs is missing.". I launch repair several times and it doesn't work. I also tried to restore my computer to a previous state but it doesn't change anything.

I run flashdrive with FRST (x64) and there is my report. Could you help me with it?

 

FRST.txt:

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 20.06.2018
Uruchomiony przez SYSTEM  MININT-M97D6BE (28-06-2018 19:50:55)
Uruchomiony z g:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11
Tryb startu: Recovery
Domyślne: ControlSet001
UWAGA!:=====> Jeśli system uruchamia się, FRST należy uruchomić z poziomu Trybu awaryjnego lub normalnego w celu utworzenia kompletnego raportu.

Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11725928 2010-12-23] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-09-17] (NVIDIA Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2208448 2018-03-13] (COMODO)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DelReg] => C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe [196608 2008-12-04] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\user\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\user\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\user\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
HKU\user\...\Run: [AdobeBridge] => [X]
HKU\user\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\user\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-05-11] (Adobe Systems Incorporated)
HKU\user\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\user\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-06-27] (Spotify Ltd)
HKU\user\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
BootExecute:

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
S2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [11395096 2018-03-13] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2876096 2018-03-13] (COMODO)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [662600 2018-03-07] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8410184 2018-03-07] (GOG.com)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-09-17] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-09-17] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-11-24] ()
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2017-01-04] (DEVGURU Co., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [34280 2018-01-31] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [846624 2018-01-31] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [59096 2018-01-31] (COMODO)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2017-03-22] (Samsung Electronics Co., Ltd.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-06] (Disc Soft Ltd)
S3 DualCoreCenter; C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [44344 2008-12-27] (MICRO-STAR INT'L CO., LTD.)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [123544 2018-01-31] (COMODO)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] ()
S4 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] ()
S2 npf; C:\Windows\system32\drivers\npf.sys [36600 2017-10-07] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
S3 RushTopDevice2; C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys [75576 2008-12-19] (Your Corporation)
S3 RushTopDevice_J; C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys [33080 2009-03-05] (Your Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [845560 2011-08-03] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2017-03-22] (Samsung Electronics Co., Ltd.)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-07-02] (MBB)
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]
S3 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-06-28 19:50 - 2018-06-28 19:50 - 000000000 ____D C:\FRST
2018-06-28 16:58 - 2018-06-28 16:58 - 001647105 _____ C:\Users\user\Desktop\Praca licencjacka - Patryk Sokół.pdf
2018-06-27 21:27 - 2018-06-27 21:34 - 000730133 _____ C:\Users\user\Desktop\6. Zebranie kadry PAIDA.pdf
2018-06-27 21:24 - 2018-06-27 21:24 - 000009682 _____ C:\Users\user\Desktop\raport-paida-26.06.odt
2018-06-26 18:36 - 2018-06-26 18:36 - 000025859 _____ C:\Users\user\Desktop\[limetorrents.cc]Westworld.S02E10.WEBRip.x264-PBS.EZTV.torrent
2018-06-26 18:36 - 2018-06-26 18:36 - 000000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2018-06-26 18:35 - 2018-06-26 18:35 - 000002171 _____ C:\Users\user\Desktop\8D777341F0E2438BB207F445CB5C5EC7931663D1.torrent
2018-06-24 21:20 - 2018-06-24 21:21 - 000000000 ____D C:\Users\user\AppData\Roaming\Anvsoft
2018-06-24 21:20 - 2018-06-24 21:20 - 000000000 ____D C:\Users\user\Documents\Any Video Converter
2018-06-24 21:20 - 2018-06-24 21:20 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2018-06-24 21:15 - 2018-06-24 21:15 - 000000000 ____D C:\Users\user\AppData\Local\Apowersoft
2018-06-24 21:14 - 2018-06-24 21:14 - 000000000 ____D C:\usr
2018-06-24 21:14 - 2017-10-07 23:42 - 000370424 _____ (Riverbed Technology, Inc.) C:\Windows\System32\wpcap.dll
2018-06-24 21:14 - 2017-10-07 23:42 - 000282360 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\wpcap.dll
2018-06-24 21:14 - 2017-10-07 23:42 - 000107768 _____ (Riverbed Technology, Inc.) C:\Windows\System32\Packet.dll
2018-06-24 21:14 - 2017-10-07 23:42 - 000098040 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\Packet.dll
2018-06-24 21:14 - 2017-10-07 23:42 - 000053299 _____ C:\Windows\SysWOW64\pthreadVC.dll
2018-06-24 21:14 - 2017-10-07 23:42 - 000036600 _____ (Riverbed Technology, Inc.) C:\Windows\System32\Drivers\npf.sys
2018-06-24 21:13 - 2018-06-24 21:14 - 000000000 ____D C:\ProgramData\Apowersoft
2018-06-24 21:13 - 2018-06-24 21:13 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2018-06-22 13:50 - 2018-06-22 13:50 - 009468050 _____ C:\Users\user\Desktop\Ulotka Adapciak.pdf
2018-06-22 10:09 - 2018-06-22 10:10 - 000000000 ____D C:\Users\user\.weblaf
2018-06-21 20:15 - 2018-06-21 20:15 - 000803481 _____ C:\Users\user\Desktop\Kacper_Wieczorek_Koordynator_E-sport_2018.pdf
2018-06-19 13:38 - 2018-06-23 22:01 - 000000000 ____D C:\Users\user\Desktop\Adapciak filmik
2018-06-19 13:38 - 2018-06-21 17:45 - 000000000 ____D C:\Users\user\Desktop\Monopoly
2018-06-19 13:37 - 2018-06-19 13:45 - 000000000 ____D C:\Users\user\Desktop\Licencjat
2018-06-16 19:01 - 2018-06-20 16:59 - 000013211 _____ C:\Users\user\Desktop\For Paś.docm
2018-06-15 21:24 - 2018-06-26 18:36 - 000000000 ____D C:\Users\user\Desktop\Pliki Torrent
2018-06-13 00:22 - 2018-05-29 21:36 - 000396960 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-06-13 00:22 - 2018-05-29 20:40 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-13 00:22 - 2018-05-29 03:43 - 000631640 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-06-13 00:22 - 2018-05-29 03:41 - 005577408 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-06-13 00:22 - 2018-05-29 03:41 - 000708288 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-06-13 00:22 - 2018-05-29 03:41 - 000262336 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-06-13 00:22 - 2018-05-29 03:41 - 000154816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2018-06-13 00:22 - 2018-05-29 03:41 - 000095424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2018-06-13 00:22 - 2018-05-29 03:35 - 001665336 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 004050624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-06-13 00:22 - 2018-05-29 03:32 - 003962048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-06-13 00:22 - 2018-05-29 03:32 - 001461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 001211904 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 001163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000731648 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000361984 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000123904 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000094208 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:32 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:25 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:22 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 03:03 - 000148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2018-06-13 00:22 - 2018-05-29 03:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2018-06-13 00:22 - 2018-05-29 03:03 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2018-06-13 00:22 - 2018-05-29 03:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-06-13 00:22 - 2018-05-29 03:03 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2018-06-13 00:22 - 2018-05-29 02:59 - 000338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2018-06-13 00:22 - 2018-05-29 02:59 - 000296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2018-06-13 00:22 - 2018-05-29 02:59 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2018-06-13 00:22 - 2018-05-29 02:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-06-13 00:22 - 2018-05-29 02:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-06-13 00:22 - 2018-05-29 02:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-06-13 00:22 - 2018-05-29 02:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-06-13 00:22 - 2018-05-29 02:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-06-13 00:22 - 2018-05-29 02:58 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 02:58 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 02:58 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 02:58 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-06-13 00:22 - 2018-05-29 02:56 - 000160256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2018-06-13 00:22 - 2018-05-29 02:55 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2018-06-13 00:22 - 2018-05-29 02:55 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2018-06-13 00:22 - 2018-05-29 02:54 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2018-06-13 00:22 - 2018-05-29 02:54 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2018-06-13 00:22 - 2018-05-29 01:04 - 000634272 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-06-13 00:22 - 2018-05-25 06:10 - 025742848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-06-13 00:22 - 2018-05-25 05:59 - 002724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2018-06-13 00:22 - 2018-05-25 05:59 - 000004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2018-06-13 00:22 - 2018-05-25 05:46 - 002902016 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-06-13 00:22 - 2018-05-25 05:45 - 000066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2018-06-13 00:22 - 2018-05-25 05:44 - 000578048 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2018-06-13 00:22 - 2018-05-25 05:44 - 000417280 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2018-06-13 00:22 - 2018-05-25 05:44 - 000048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2018-06-13 00:22 - 2018-05-25 05:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2018-06-13 00:22 - 2018-05-25 05:38 - 005779968 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-06-13 00:22 - 2018-05-25 05:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2018-06-13 00:22 - 2018-05-25 05:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2018-06-13 00:22 - 2018-05-25 05:34 - 020286976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-13 00:22 - 2018-05-25 05:33 - 000615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2018-06-13 00:22 - 2018-05-25 05:32 - 000814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-06-13 00:22 - 2018-05-25 05:32 - 000794624 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-06-13 00:22 - 2018-05-25 05:32 - 000144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2018-06-13 00:22 - 2018-05-25 05:32 - 000116224 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2018-06-13 00:22 - 2018-05-25 05:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-06-13 00:22 - 2018-05-25 05:24 - 000969216 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2018-06-13 00:22 - 2018-05-25 05:21 - 000489984 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2018-06-13 00:22 - 2018-05-25 05:16 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-06-13 00:22 - 2018-05-25 05:16 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-06-13 00:22 - 2018-05-25 05:15 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-06-13 00:22 - 2018-05-25 05:15 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-06-13 00:22 - 2018-05-25 05:14 - 000087552 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2018-06-13 00:22 - 2018-05-25 05:14 - 000077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2018-06-13 00:22 - 2018-05-25 05:14 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-06-13 00:22 - 2018-05-25 05:13 - 000107520 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2018-06-13 00:22 - 2018-05-25 05:12 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-13 00:22 - 2018-05-25 05:10 - 000199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2018-06-13 00:22 - 2018-05-25 05:10 - 000092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-06-13 00:22 - 2018-05-25 05:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-06-13 00:22 - 2018-05-25 05:08 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2018-06-13 00:22 - 2018-05-25 05:08 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-06-13 00:22 - 2018-05-25 05:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-06-13 00:22 - 2018-05-25 05:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-13 00:22 - 2018-05-25 05:06 - 000152064 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2018-06-13 00:22 - 2018-05-25 05:05 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-13 00:22 - 2018-05-25 05:05 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-06-13 00:22 - 2018-05-25 04:57 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-06-13 00:22 - 2018-05-25 04:57 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-06-13 00:22 - 2018-05-25 04:55 - 000809472 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-06-13 00:22 - 2018-05-25 04:55 - 000728064 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2018-06-13 00:22 - 2018-05-25 04:53 - 015283200 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-06-13 00:22 - 2018-05-25 04:53 - 002135552 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-06-13 00:22 - 2018-05-25 04:53 - 001359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2018-06-13 00:22 - 2018-05-25 04:52 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-06-13 00:22 - 2018-05-25 04:52 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-06-13 00:22 - 2018-05-25 04:51 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-06-13 00:22 - 2018-05-25 04:49 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-06-13 00:22 - 2018-05-25 04:48 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-13 00:22 - 2018-05-25 04:47 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-06-13 00:22 - 2018-05-25 04:45 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-06-13 00:22 - 2018-05-25 04:42 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-13 00:22 - 2018-05-25 04:40 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-13 00:22 - 2018-05-25 04:39 - 003241472 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-06-13 00:22 - 2018-05-25 04:39 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-13 00:22 - 2018-05-25 04:38 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-13 00:22 - 2018-05-25 04:38 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-13 00:22 - 2018-05-25 04:37 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-06-13 00:22 - 2018-05-25 04:29 - 001546240 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-06-13 00:22 - 2018-05-25 04:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-13 00:22 - 2018-05-25 04:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-06-13 00:22 - 2018-05-25 04:15 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-13 00:22 - 2018-05-25 04:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-13 00:22 - 2018-05-15 05:16 - 001681088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2018-06-13 00:22 - 2018-05-15 04:44 - 004120576 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2018-06-13 00:22 - 2018-05-15 04:44 - 001159680 _____ (Microsoft Corporation) C:\Windows\System32\webservices.dll
2018-06-13 00:22 - 2018-05-15 04:44 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2018-06-13 00:22 - 2018-05-15 04:44 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2018-06-13 00:22 - 2018-05-15 04:24 - 000055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2018-06-13 00:22 - 2018-05-15 04:23 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2018-06-13 00:22 - 2018-05-15 04:13 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-13 00:22 - 2018-05-15 04:13 - 000782848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-13 00:22 - 2018-05-15 04:13 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-13 00:22 - 2018-05-15 04:13 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2018-06-13 00:22 - 2018-05-15 04:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2018-06-13 00:22 - 2018-05-15 04:01 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2018-06-13 00:22 - 2018-05-15 02:20 - 000467856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-06-13 00:22 - 2018-05-15 02:20 - 000459632 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2018-06-13 00:22 - 2018-05-12 03:07 - 000076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2018-06-13 00:22 - 2018-05-12 03:07 - 000033152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2018-06-13 00:22 - 2018-05-12 03:07 - 000030208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2018-06-13 00:22 - 2018-05-11 22:19 - 000977408 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2018-06-13 00:22 - 2018-05-11 22:19 - 000109568 _____ (Microsoft Corporation) C:\Windows\System32\hlink.dll
2018-06-13 00:22 - 2018-05-11 22:19 - 000084480 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2018-06-13 00:22 - 2018-05-11 01:40 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-06-13 00:22 - 2018-05-11 01:40 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-06-13 00:22 - 2018-05-11 01:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-06-13 00:22 - 2018-04-06 17:39 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2018-06-13 00:22 - 2018-04-06 17:38 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-06-12 23:28 - 2018-06-12 23:28 - 000001284 _____ C:\Users\Public\Desktop\Pazera Free AVI to MP4 Converter (32-bit).lnk
2018-06-12 23:28 - 2018-06-12 23:28 - 000000000 ____D C:\Program Files (x86)\pazera-software
2018-06-12 23:25 - 2018-06-12 23:25 - 000003352 _____ C:\Windows\System32\Tasks\{E73A687E-E354-4D89-B655-066984E70CA6}
2018-06-08 21:21 - 2018-06-08 21:21 - 000000000 ____D C:\Users\user\Creative Cloud Files
2018-06-06 11:23 - 2018-06-06 13:00 - 000000000 ____D C:\Users\user\Desktop\PREZENTY IKSS
2018-06-01 08:56 - 2018-06-28 19:15 - 000000000 ____D C:\Users\user\AppData\Local\Spotify
2018-06-01 08:56 - 2018-06-27 22:35 - 000000000 ____D C:\Users\user\AppData\Roaming\Spotify

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2018-06-28 19:15 - 2013-04-20 00:58 - 000000000 ____D C:\Users\user\AppData\Roaming\NapiProjekt
2018-06-28 19:15 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration
2018-06-28 14:20 - 2014-08-26 18:14 - 000000000 ____D C:\Users\user\AppData\Local\Adobe
2018-06-27 22:57 - 2017-05-09 13:44 - 001474832 _____ C:\Windows\System32\Drivers\sfi.dat
2018-06-27 14:29 - 2009-07-14 05:45 - 000023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-27 14:29 - 2009-07-14 05:45 - 000023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-27 14:25 - 2017-09-29 09:12 - 000144174 _____ C:\Windows\System32\Drivers\fvstore.dat
2018-06-27 14:19 - 2016-11-18 11:38 - 000000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2018-06-27 14:08 - 2017-03-26 22:44 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2018-06-27 14:08 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\System32\NDF
2018-06-27 14:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-06-27 13:08 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-27 13:07 - 2011-07-06 14:12 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-26 19:53 - 2012-02-13 18:06 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2018-06-25 16:05 - 2015-01-10 00:25 - 000000034 _____ C:\Users\user\AppData\Roaming\AdobeWLCMCache.dat
2018-06-25 14:01 - 2015-05-29 15:25 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2018-06-24 22:16 - 2009-07-14 18:55 - 000890546 _____ C:\Windows\System32\perfh015.dat
2018-06-24 22:16 - 2009-07-14 18:55 - 000202980 _____ C:\Windows\System32\perfc015.dat
2018-06-24 22:16 - 2009-07-14 06:13 - 001869782 _____ C:\Windows\System32\PerfStringBackup.INI
2018-06-24 21:15 - 2017-01-27 17:02 - 000000000 ____D C:\Users\user\Documents\Apowersoft
2018-06-24 21:14 - 2017-01-27 17:02 - 000000000 ____D C:\Users\user\AppData\Roaming\Apowersoft
2018-06-24 01:12 - 2011-08-02 18:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-06-13 21:56 - 2014-11-22 17:44 - 000000132 _____ C:\Users\user\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
2018-06-13 18:02 - 2012-10-12 22:01 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-13 18:01 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-06-13 18:00 - 2014-11-22 17:10 - 000000000 ____D C:\Program Files\Adobe
2018-06-13 17:50 - 2011-07-30 00:12 - 000000000 ____D C:\Users\user\AppData\Roaming\foobar2000
2018-06-13 02:08 - 2013-08-17 02:00 - 000000000 ____D C:\Windows\System32\MRT
2018-06-13 02:03 - 2017-10-12 02:07 - 133315992 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-06-13 02:03 - 2011-08-07 00:35 - 133315992 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-06-09 19:38 - 2016-06-20 10:34 - 006499304 _____ C:\Windows\System32\FNTCACHE.DAT
2018-06-09 01:06 - 2011-07-31 23:15 - 000000000 ____D C:\Windows\System32\Tasks\Games
2018-06-08 13:08 - 2016-06-20 01:00 - 000276232 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2018-06-08 10:36 - 2011-08-02 18:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-06-08 08:31 - 2018-03-14 08:31 - 000004556 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-08 08:31 - 2013-09-21 08:02 - 000004412 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-06-08 08:31 - 2012-06-21 13:27 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-06-08 08:31 - 2012-04-24 12:31 - 000000000 ____D C:\Windows\System32\Macromed
2018-06-08 08:31 - 2011-08-02 18:37 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Known DLLs (filtrowane) =========================

C:\Windows\System32\gdi32.dll BRAK <==== UWAGA
C:\Windows\SysWOW64\WLDAP32.dll BRAK <==== UWAGA

==================== Bamital & volsnap ======================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\System32\winlogon.exe
[2018-01-27 19:35] - [2018-01-01 02:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41

C:\Windows\System32\wininit.exe => MD5 jest poprawne
C:\Windows\SysWOW64\wininit.exe => MD5 jest poprawne
C:\Windows\explorer.exe => MD5 jest poprawne
C:\Windows\SysWOW64\explorer.exe => MD5 jest poprawne
C:\Windows\System32\svchost.exe => MD5 jest poprawne
C:\Windows\SysWOW64\svchost.exe => MD5 jest poprawne
C:\Windows\System32\services.exe => MD5 jest poprawne
C:\Windows\System32\User32.dll => MD5 jest poprawne
C:\Windows\SysWOW64\User32.dll => MD5 jest poprawne
C:\Windows\System32\userinit.exe => MD5 jest poprawne
C:\Windows\SysWOW64\userinit.exe => MD5 jest poprawne
C:\Windows\System32\rpcss.dll
[2018-05-09 10:23] - [2018-04-23 01:00] - 000512512 _____ (Microsoft Corporation) 4CE2D42E24914EE91BFFCD8D8485A1BB

C:\Windows\System32\dnsapi.dll => MD5 jest poprawne
C:\Windows\SysWOW64\dnsapi.dll => MD5 jest poprawne
C:\Windows\System32\Drivers\volsnap.sys => MD5 jest poprawne

==================== Powiązania plików (filtrowane) =============


==================== Punkty Przywracania systemu  =========================

Data punktu przywracania: 2018-06-28 17:10
Data punktu przywracania: 2018-06-28 18:01

==================== Statystyki pamięci ===========================

Procent pamięci w użyciu: 11%
Całkowita pamięć fizyczna: 8191.18 MB
Dostępna pamięć fizyczna: 7278.89 MB
Całkowita pamięć wirtualna: 8189.33 MB
Dostępna pamięć wirtualna: 7273.56 MB

==================== Dyski ================================

Drive c: (Cadmium) (Fixed) (Total:97.56 GB) (Free:15.74 GB) NTFS
Drive e: (Dubnium) (Fixed) (Total:368.1 GB) (Free:30.8 GB) NTFS
Drive g: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system z komponentami startowymi (pozyskano odczytując dysk)]


==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 02CD9B7A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 3.8 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2018-06-28 19:26

==================== Koniec  FRST.txt ============================



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:29 PM

Posted 30 June 2018 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
CloseProcesses:

HKU\user\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
===

Restart the computer normally if possible and run the Farbar

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
Make sure that the box to create an Addition.txt log is checked.
Post the file also for my review.
===

Lets find out if these files are present on your computer.

C:\Windows\System32\gdi32.dll BRAK <==== UWAGA
C:\Windows\SysWOW64\WLDAP32.dll BRAK <==== UWAGA


Please run the Farbar Recovery Scan Tool. Enter gdi32.dll;WLDAP32.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.
===

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:29 PM

Posted 06 July 2018 - 08:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users