Undesirable pop ups just started when in Firefox

Firefox pop ups

#1
Crisponator


Hi,

Been a while since I posted here because things have been working well.

A little history before I begin. One of my employees' PCs was fine and dandy till the other day, when she opened up Firefox and went to read emails. She went back to the home page and shortly after that, she said, the PC started making a lot of noises (hard drive, cooling fan etc.) and then some porn site started up and was "doing stuff". We were having significant speed issues with this PC, so I ran CCleaner and went through the startup and removed some things that were unnecessary to check if they were the problem. I also uninstalled AVAST but immediately activated Defender, but there are no other antivirus apps currently running. The other PCs on my net are fine and are also not running any antivirus and have just Defender running. Here is the required info to begin fixing this bugaboo.

 

Here is the pasted text as well 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by Deann (administrator) on DEANN-PC (25-05-2017 14:23:05)
Running from C:\Users\Deann\Desktop
Loaded Profiles: Deann & UpdatusUser (Available Profiles: Deann & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-08-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{DF568CAD-4688-493B-9C1A-CB210494510F}: [DhcpNameServer] 192.168.29.1
 
Internet Explorer:
==================
HKU\S-1-5-21-775206907-1226859653-549646819-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2016-12-08] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-12] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: d5s8jt13.default
FF ProfilePath: C:\Users\Deann\AppData\Roaming\Mozilla\Firefox\Profiles\d5s8jt13.default [2017-05-25]
FF Homepage: Mozilla\Firefox\Profiles\d5s8jt13.default -> hxxps://www.yahoo.com/
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\Deann\AppData\Roaming\Mozilla\Firefox\Profiles\d5s8jt13.default\features\{3cbf3934-6963-4fc8-b82d-caf068d30fc2}\[email protected] [2017-04-21]
FF Extension: (Disable Prefetch) - C:\Users\Deann\AppData\Roaming\Mozilla\Firefox\Profiles\d5s8jt13.default\features\{3cbf3934-6963-4fc8-b82d-caf068d30fc2}\[email protected] [2017-04-21]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default [2017-05-25]
CHR Extension: (Google Slides) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-18]
CHR Extension: (Google Docs) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-18]
CHR Extension: (Google Drive) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
CHR Extension: (Google Search) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Google Sheets) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-23]
CHR Extension: (Gmail) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Deann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-23]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-12-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 14:23 - 2017-05-25 14:23 - 00009879 _____ C:\Users\Deann\Desktop\FRST.txt
2017-05-25 14:22 - 2017-05-25 14:23 - 00000000 ____D C:\FRST
2017-05-25 14:20 - 2017-05-25 14:20 - 02429952 _____ (Farbar) C:\Users\Deann\Desktop\FRST64.exe
2017-05-25 13:43 - 2017-05-25 13:43 - 00188174 _____ C:\Users\Deann\Desktop\OTL.Txt
2017-05-25 13:43 - 2017-05-25 13:43 - 00037124 _____ C:\Users\Deann\Desktop\Extras.Txt
2017-05-25 13:25 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-05-25 13:25 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-05-25 12:32 - 2017-05-25 12:32 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2017-05-25 12:32 - 2017-05-25 12:32 - 00000000 _SHDL C:\Users\TEMP\My Documents
2017-05-25 12:32 - 2017-05-25 12:32 - 00000000 _SHDL C:\Users\TEMP\Documents\My Videos
2017-05-25 12:32 - 2017-05-25 12:32 - 00000000 _SHDL C:\Users\TEMP\Documents\My Pictures
2017-05-25 12:32 - 2017-05-25 12:32 - 00000000 _SHDL C:\Users\TEMP\Documents\My Music
2017-05-25 12:32 - 2017-05-25 12:32 - 00000000 ____D C:\Users\TEMP
2017-05-25 12:32 - 2015-08-18 20:21 - 00002100 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-05-25 12:32 - 2009-07-14 03:45 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2017-05-25 10:37 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-25 10:37 - 2017-04-19 20:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-25 10:37 - 2017-04-19 19:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-25 10:37 - 2017-04-16 05:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-25 10:37 - 2017-04-16 05:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-25 10:37 - 2017-04-16 04:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-25 10:37 - 2017-04-16 04:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-25 10:37 - 2017-04-16 04:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-25 10:37 - 2017-04-16 04:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-25 10:37 - 2017-04-16 04:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-25 10:37 - 2017-04-16 04:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-25 10:37 - 2017-04-16 04:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-25 10:37 - 2017-04-16 04:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-25 10:37 - 2017-04-16 04:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-25 10:37 - 2017-04-16 04:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-25 10:37 - 2017-04-16 04:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-25 10:37 - 2017-04-16 04:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-25 10:37 - 2017-04-16 04:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-25 10:37 - 2017-04-16 04:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-25 10:37 - 2017-04-16 04:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-25 10:37 - 2017-04-16 04:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-25 10:37 - 2017-04-16 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-25 10:37 - 2017-04-16 04:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-25 10:37 - 2017-04-16 04:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-25 10:37 - 2017-04-16 04:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-25 10:37 - 2017-04-16 04:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-25 10:37 - 2017-04-16 04:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-25 10:37 - 2017-04-16 04:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-25 10:37 - 2017-04-16 04:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-25 10:37 - 2017-04-16 04:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-25 10:37 - 2017-04-16 04:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-25 10:37 - 2017-04-16 04:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-25 10:37 - 2017-04-16 04:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-25 10:37 - 2017-04-16 03:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-25 10:37 - 2017-04-16 03:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-25 10:37 - 2017-04-16 03:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-25 10:37 - 2017-04-16 03:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-25 10:37 - 2017-04-16 03:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-25 10:37 - 2017-04-16 03:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-25 10:37 - 2017-04-16 03:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-25 10:37 - 2017-04-16 03:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-25 10:37 - 2017-04-16 03:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-25 10:37 - 2017-04-16 03:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-25 10:37 - 2017-04-16 03:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-25 10:37 - 2017-04-16 03:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-25 10:37 - 2017-04-16 03:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-25 10:37 - 2017-04-16 03:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-25 10:37 - 2017-04-16 03:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-25 10:37 - 2017-04-16 03:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-25 10:37 - 2017-04-16 03:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-25 10:37 - 2017-04-16 03:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-25 10:37 - 2017-04-16 03:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-25 10:37 - 2017-04-16 03:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-25 10:37 - 2017-04-16 03:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-25 10:37 - 2017-04-16 03:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-25 10:37 - 2017-04-16 03:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-25 10:37 - 2017-04-16 03:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-25 10:37 - 2017-04-16 03:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-25 10:37 - 2017-04-16 03:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-25 10:37 - 2017-04-16 03:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-25 10:37 - 2017-04-16 03:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-25 10:37 - 2017-04-16 03:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-25 10:37 - 2017-04-16 02:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-25 10:37 - 2017-04-16 02:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-25 10:37 - 2017-04-16 02:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-25 10:37 - 2017-04-16 02:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-25 10:37 - 2017-04-16 02:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-25 10:37 - 2017-04-16 02:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-25 10:37 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-25 10:37 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-25 10:37 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-25 10:37 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-25 10:37 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-25 10:37 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-25 10:37 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-25 10:37 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-25 10:37 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-25 10:37 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-25 10:37 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-25 10:37 - 2017-03-07 10:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-25 10:37 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-25 10:37 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-25 10:37 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-05-25 10:37 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-05-25 10:37 - 2016-09-15 10:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-05-25 10:37 - 2016-08-22 12:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-05-25 10:37 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-05-25 10:37 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-05-25 10:37 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-05-25 10:37 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-05-25 10:37 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-05-25 10:37 - 2016-03-23 18:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-25 10:37 - 2016-03-23 18:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-05-25 10:37 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2017-05-25 10:37 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2017-05-25 10:37 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-05-25 10:37 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2017-05-25 10:36 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-25 10:36 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-25 10:36 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-25 10:36 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-25 10:36 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-25 10:36 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-25 10:36 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-25 10:36 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-25 10:36 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-25 10:36 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-25 10:36 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-25 10:36 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-25 10:36 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-25 10:36 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-25 10:36 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-25 10:36 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-25 10:36 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-25 10:36 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-25 10:36 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-25 10:36 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-25 10:36 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-25 10:36 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-25 10:36 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-25 10:36 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-25 10:36 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-25 10:36 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-25 10:36 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-25 10:36 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-25 10:36 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-25 10:36 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-25 10:36 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-25 10:36 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-25 10:36 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-25 10:36 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-25 10:36 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-25 10:36 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-25 10:36 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-25 10:36 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-25 10:36 - 2017-04-16 04:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-25 10:36 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-25 10:36 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-25 10:36 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-25 10:36 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-25 10:36 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-25 10:36 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-25 10:36 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-25 10:36 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-25 10:36 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-25 10:36 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-25 10:36 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-25 10:36 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-25 10:36 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-25 10:36 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-25 10:36 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-25 10:36 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-25 10:36 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-25 10:36 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-25 10:36 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-25 10:36 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-25 10:36 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-25 10:36 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-05-25 10:36 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-05-25 10:36 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-05-25 10:36 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-05-25 10:36 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-05-25 10:36 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-25 10:36 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-25 10:36 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-25 10:36 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-05-25 10:36 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-25 10:36 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-05-25 10:36 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-05-25 10:36 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-25 10:36 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-25 10:36 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-25 10:36 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-05-25 10:36 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-05-25 10:36 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-05-25 10:36 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-25 10:36 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-25 10:36 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-25 10:36 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-25 10:36 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-25 10:36 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-25 10:36 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-25 10:36 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-25 10:36 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-25 10:36 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-05-25 10:36 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-25 10:36 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-05-25 10:36 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-05-25 10:36 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-05-25 10:36 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-05-25 10:36 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-05-25 10:36 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-05-25 10:36 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-05-25 10:36 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-05-25 10:36 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-25 10:36 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-25 10:36 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-25 10:36 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-25 10:36 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-05-25 10:36 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-05-25 10:36 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-25 10:36 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-25 10:36 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-05-25 10:36 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-25 10:36 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-05-25 10:36 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-25 10:36 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-05-25 10:36 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-25 10:36 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-05-25 10:36 - 2016-11-21 14:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-05-25 10:36 - 2016-11-20 12:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-05-25 10:36 - 2016-11-20 10:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-05-25 10:36 - 2016-11-17 12:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-05-25 10:36 - 2016-11-10 12:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-05-25 10:36 - 2016-11-10 12:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-05-25 10:36 - 2016-11-09 12:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-05-25 10:36 - 2016-11-09 12:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-05-25 10:36 - 2016-11-09 12:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-05-25 10:36 - 2016-11-09 12:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-05-25 10:36 - 2016-11-09 12:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-05-25 10:36 - 2016-11-09 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-05-25 10:36 - 2016-11-09 12:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-05-25 10:36 - 2016-11-09 12:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-05-25 10:36 - 2016-11-09 12:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-05-25 10:36 - 2016-11-09 12:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-05-25 10:36 - 2016-11-09 12:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-05-25 10:36 - 2016-11-09 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-05-25 10:36 - 2016-10-11 11:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-05-25 10:36 - 2016-10-11 11:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-05-25 10:36 - 2016-10-11 11:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-05-25 10:36 - 2016-10-11 11:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-05-25 10:36 - 2016-10-11 11:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-05-25 10:36 - 2016-10-11 11:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-05-25 10:36 - 2016-10-11 11:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-05-25 10:36 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-05-25 10:36 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-05-25 10:36 - 2016-10-11 11:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-05-25 10:36 - 2016-10-11 11:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-05-25 10:36 - 2016-10-11 11:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-05-25 10:36 - 2016-10-11 11:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-05-25 10:36 - 2016-10-11 11:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-05-25 10:36 - 2016-10-11 11:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-05-25 10:36 - 2016-10-11 10:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-05-25 10:36 - 2016-10-11 09:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-05-25 10:36 - 2016-10-11 09:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-05-25 10:36 - 2016-10-11 09:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-05-25 10:36 - 2016-10-11 09:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-05-25 10:36 - 2016-10-08 09:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-05-25 10:36 - 2016-10-07 11:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-05-25 10:36 - 2016-10-07 11:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-05-25 10:36 - 2016-10-05 10:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-05-25 10:36 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-05-25 10:36 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-05-25 10:36 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-05-25 10:36 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-05-25 10:36 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-05-25 10:36 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-05-25 10:36 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-05-25 10:36 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-05-25 10:36 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-05-25 10:36 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-05-25 10:36 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-05-25 10:36 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-05-25 10:36 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-05-25 10:36 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-05-25 10:36 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-05-25 10:36 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-05-25 10:36 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-05-25 10:36 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-25 10:36 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-05-25 10:36 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-25 10:36 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-05-25 10:36 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-05-25 10:36 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-05-25 10:36 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-25 10:36 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-05-25 10:36 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-25 10:36 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-05-25 10:36 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-05-25 10:36 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-05-25 10:36 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-05-25 10:36 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-05-25 10:36 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-05-25 10:36 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-05-25 10:36 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-05-25 10:36 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-05-25 10:36 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-05-25 10:36 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-05-25 10:36 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-05-25 10:36 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-05-25 10:36 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-05-25 10:36 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-05-25 10:36 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-05-25 10:36 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-05-25 10:36 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-05-25 10:36 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-05-25 10:36 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-05-25 10:36 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-05-25 10:36 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-05-25 10:35 - 2016-05-12 11:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-05-25 10:34 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-05-25 10:34 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-05-25 10:34 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-05-25 10:34 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2017-05-25 10:34 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2017-05-25 10:34 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2017-05-25 10:34 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-25 10:34 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-05-25 10:34 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2017-05-25 10:34 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2017-05-25 10:34 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2017-05-25 10:34 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-05-25 10:34 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-05-25 10:34 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2017-05-25 10:34 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-05-25 10:34 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2017-05-25 10:34 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2017-05-25 10:34 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2017-05-25 10:34 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2017-05-25 10:34 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2017-05-25 10:34 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2017-05-25 10:34 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2017-05-25 10:34 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2017-05-25 10:34 - 2015-10-29 13:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-05-25 10:34 - 2015-10-29 13:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2017-05-25 10:34 - 2015-10-29 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2017-05-25 10:34 - 2015-10-29 13:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2017-05-25 10:34 - 2015-10-29 13:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2017-05-25 10:34 - 2015-10-29 13:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-05-25 10:34 - 2015-10-29 13:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2017-05-25 10:34 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2017-05-25 10:33 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-05-25 10:33 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-05-25 10:33 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-05-25 10:33 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-05-25 10:33 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-05-25 10:33 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-05-25 10:33 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-05-25 10:33 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-05-25 10:33 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-05-25 10:33 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-05-25 10:33 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-05-25 10:33 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-05-25 10:33 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-05-25 10:33 - 2016-07-07 11:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-05-25 10:33 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-05-25 10:33 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-05-25 10:33 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-05-25 10:33 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-05-25 10:33 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-05-25 10:33 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-05-25 10:33 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-05-25 10:33 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-05-25 10:33 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2017-05-25 10:33 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-05-25 10:33 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-05-25 10:33 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2017-05-25 10:33 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-05-25 10:33 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-05-25 10:33 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-05-25 10:33 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-05-25 10:33 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-05-25 10:33 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-05-25 10:33 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-05-25 10:33 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2017-05-25 10:33 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2017-05-25 10:33 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-05-25 10:33 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2017-05-25 10:33 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-05-25 10:33 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2017-05-25 10:33 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-05-25 10:33 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2017-05-25 10:33 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2017-05-25 10:33 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2017-05-25 10:33 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2017-05-25 10:33 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2017-05-25 10:33 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2017-05-25 10:33 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2017-05-25 10:33 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2017-05-25 10:33 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-05-25 10:33 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-05-25 10:33 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2017-05-25 10:33 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2017-05-25 10:33 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2017-05-25 10:33 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2017-05-25 10:33 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2017-05-25 10:32 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-05-25 10:32 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-05-25 10:32 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-05-25 10:32 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-05-25 10:32 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-05-25 10:32 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-05-25 10:32 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-05-25 10:32 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-05-25 10:32 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-05-25 10:32 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2017-05-25 10:32 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2017-05-25 10:32 - 2016-05-12 13:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2017-05-25 10:32 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2017-05-25 10:32 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2017-05-25 10:32 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2017-05-25 10:32 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2017-05-25 10:32 - 2016-05-12 13:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2017-05-25 10:32 - 2016-05-12 11:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-05-25 10:32 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-05-25 10:32 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-05-25 10:32 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-05-25 10:32 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-05-25 10:32 - 2016-05-12 11:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2017-05-25 10:32 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2017-05-25 10:32 - 2016-05-12 10:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2017-05-25 10:32 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-05-25 10:32 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-05-25 10:32 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-05-25 10:32 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-05-25 10:32 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-05-25 10:30 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-05-25 10:30 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-05-25 10:27 - 2017-05-25 10:26 - 00602112 _____ (OldTimer Tools) C:\Users\Deann\Desktop\OTL.exe
2017-05-25 10:26 - 2017-05-25 10:26 - 00602112 _____ (OldTimer Tools) C:\Users\Deann\Downloads\OTL.exe
2017-05-23 11:10 - 2017-05-23 11:11 - 00000000 ____D C:\Windows\pss
2017-05-23 11:07 - 2017-05-23 11:08 - 00037316 _____ C:\Users\Deann\Documents\cc_20170523_110755.reg
2017-05-23 10:48 - 2017-05-23 11:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-23 10:46 - 2017-05-23 10:47 - 00000000 ____D C:\Program Files\CCleaner
2017-05-23 10:46 - 2017-05-23 10:46 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-05-23 10:46 - 2017-05-23 10:46 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-23 10:46 - 2017-05-23 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-23 10:42 - 2017-05-23 10:42 - 00000000 ____D C:\Users\Deann\AppData\Roaming\Google
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-25 14:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-25 13:39 - 2009-07-14 00:45 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-25 13:39 - 2009-07-14 00:45 - 00015168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-25 13:37 - 2015-08-18 19:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-05-25 12:36 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-25 12:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-25 12:29 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-25 12:21 - 2009-07-14 00:45 - 00447584 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-25 12:18 - 2015-08-30 10:24 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-25 12:18 - 2015-08-30 10:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-25 12:18 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-05-25 12:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-05-25 12:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2017-05-25 12:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-25 11:15 - 2015-08-18 20:03 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-25 10:58 - 2015-08-18 10:25 - 00000000 ____D C:\Windows\system32\MRT
2017-05-25 10:55 - 2015-08-18 10:25 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-25 10:27 - 2016-10-26 15:38 - 00090112 ___SH C:\Users\Deann\Desktop\Thumbs.db
2017-05-25 10:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-25 09:58 - 2016-11-28 10:32 - 00000000 ____D C:\Users\Deann\AppData\LocalLow\Mozilla
2017-05-25 09:27 - 2015-08-18 10:29 - 00000000 ____D C:\Users\UpdatusUser
2017-05-23 16:51 - 2015-08-30 10:45 - 00000696 _____ C:\Windows\BRRBCOM.INI
2017-05-23 11:13 - 2015-12-05 12:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-23 11:13 - 2015-08-18 19:24 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-23 11:13 - 2015-08-18 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-23 11:06 - 2015-08-29 15:44 - 00000000 ____D C:\Windows\Minidump
2017-05-23 11:06 - 2015-08-18 14:00 - 00000000 ____D C:\Windows\Panther
2017-05-23 10:41 - 2015-08-18 20:21 - 00000000 ___RD C:\Users\Deann\OneDrive
2017-05-17 14:18 - 2015-08-18 17:53 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 03:25 - 2015-08-18 20:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-12 03:21 - 2015-08-18 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-10 10:58 - 2016-04-27 13:13 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-10 10:58 - 2015-08-18 17:53 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-10 10:58 - 2015-08-18 17:53 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2017-01-12 16:03 - 2017-01-12 16:04 - 0003700 _____ () C:\Users\Deann\AppData\Roaming\QBFileDrTool.log
2015-08-30 11:00 - 2015-08-30 11:00 - 0007611 _____ () C:\Users\Deann\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-23 13:00
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
Ran by Deann (25-05-2017 14:23:57)
Running from C:\Users\Deann\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-08-18 14:09:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-775206907-1226859653-549646819-500 - Administrator - Disabled)
Deann (S-1-5-21-775206907-1226859653-549646819-1000 - Administrator - Enabled) => C:\Users\Deann
Guest (S-1-5-21-775206907-1226859653-549646819-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-775206907-1226859653-549646819-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-775206907-1226859653-549646819-1001 - Limited - Enabled) => C:\Users\TEMP
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{98616875-CF30-4BE5-AAED-36EF4AC6EE27}) (Version: 11.3.300.268 - Adobe Systems Incorporated)
Brother MFL-Pro Suite MFC-9330CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-775206907-1226859653-549646819-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
QuickBooks (x32 Version: 25.0.4013.2506 - Intuit Inc.) Hidden
QuickBooks Premier: Contractor Edition 2015 (HKLM-x32\...\{AAE6D96A-EA2A-4F49-B86F-C1657731BB58}) (Version: 25.0.4013.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-775206907-1226859653-549646819-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Deann\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2F8C2947-C4E5-408D-8F47-D5B5AC3B9C7B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {3A73938A-96BD-4530-96B8-8DE842D34CCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {59D2FDC7-AC05-4C6B-8513-0EB96234BB97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {7636BE9E-DCCE-4240-B6FA-7D80A3D9530C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.)
Task: {B3A25ED0-A6DE-4959-BAE5-8851A12A4A61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18] (Adobe Systems Incorporated)
Task: {CB84108F-A2A5-4D91-9E08-F27E67C94BA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {E9CA45BD-F670-462E-93CB-889901F5ED4C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-12] (Microsoft Corporation)
Task: {EE39AF0B-E073-4109-AC88-B53DCCA507A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-30 10:42 - 2005-04-22 00:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2015-08-18 10:29 - 2015-01-30 20:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-19 09:19 - 2017-05-12 03:18 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-05-17 14:18 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-17 14:18 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-02-24 16:53 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-775206907-1226859653-549646819-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.29.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: OneDrive => "C:\Users\Deann\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CAA3A175-57CB-461C-8DAE-592198C4AE94}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{FD4385BA-377D-4809-8D1A-29C604065E96}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{41247000-4A9A-4DDC-A5D7-F5BEC1984585}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2C99A5E5-488E-46EB-8EA9-599BC49E03CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{84AAA343-F7CB-402B-B372-6F70267962C7}] => (Allow) C:\Users\Deann\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{06CB1185-1AD2-4AC8-BC41-2B41FE142945}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3177076B-AD28-4EF4-888C-7187241F1F0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F5C2F3B-8E26-4B06-8548-07B4FEC6EC7E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe
FirewallRules: [{B5E692C2-500D-4BCF-9A16-4E8ABE166F8E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe
FirewallRules: [{CF5E21E9-9513-4A12-9310-E1BCDAB6BB42}] => (Allow) LPort=54925
FirewallRules: [{7D17820A-E3B3-424E-9BC9-83C6D50E51D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C2593D94-FEE2-48E0-914E-60BBAA47EF85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-05-2017 10:38:11 Windows Update
25-05-2017 13:25:47 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/25/2017 01:25:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-775206907-1226859653-549646819-1001.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {90883df6-e665-469c-b5e3-df9ca78660ad}
 
Error: (05/25/2017 12:32:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Deann-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (05/25/2017 12:32:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Deann-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
 
Error: (05/25/2017 12:24:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Deann-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (05/25/2017 12:24:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Deann-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
 
Error: (05/25/2017 09:31:46 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {60A9D51C-9BD2-465F-8145-0DC5324BC112}
 
Error: (05/25/2017 09:31:46 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {60A9D51C-9BD2-465F-8145-0DC5324BC112}
 
 
System errors:
=============
Error: (05/25/2017 12:28:10 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-30 14:44:07.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-30 14:44:07.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-29 08:12:30.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-29 08:12:30.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-28 12:50:17.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-28 12:50:17.710
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-15 11:08:10.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-15 11:08:10.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 08:51:13.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-10 08:51:13.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® D CPU 2.80GHz
Percentage of memory in use: 34%
Total physical RAM: 4029.92 MB
Available physical RAM: 2632.48 MB
Total Virtual: 8058.02 MB
Available Virtual: 6040.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.91 GB) (Free:92.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E686F016)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ===================
 
 
Thanks for helping

Edited by Crisponator, 25 May 2017 - 02:22 PM.

#2
RKinner

    Malware Expert

  • Expert
  • 20,677 posts
  • MVP

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Get Process Explorer

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Copy the next 2 lines:

    TASKLIST /SVC  > \junk.txt
    notepad \junk.txt

Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10-20 lines down.) Save the file. Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File)


    #3
    Crisponator

      Member

    • Topic Starter
    • Member
    • PipPip
    • 18 posts

    Here is the Speccy file, I will attach all txt files following

    #4
    Crisponator

      Member

    • Topic Starter
    • Member
    • PipPip
    • 18 posts
    # AdwCleaner v6.047 - Logfile created 26/05/2017 at 14:30:47
    # Updated on 19/05/2017 by Malwarebytes
    # Database : 2017-05-26.6 [Server]
    # Operating System : Windows 7 Professional Service Pack 1 (X64)
    # Username : Deann - DEANN-PC
    # Running from : C:\Users\Deann\Desktop\AdwCleaner.exe
    # Mode: Scan
     
     
     
    ***** [ Services ] *****
     
    No malicious services found.
     
     
    ***** [ Folders ] *****
     
    No malicious folders found.
     
     
    ***** [ Files ] *****
     
    No malicious files found.
     
     
    ***** [ DLL ] *****
     
    No malicious DLLs found.
     
     
    ***** [ WMI ] *****
     
    No malicious keys found.
     
     
    ***** [ Shortcuts ] *****
     
    No infected shortcut found.
     
     
    ***** [ Scheduled Tasks ] *****
     
    No malicious task found.
     
     
    ***** [ Registry ] *****
     
    No malicious registry entries found.
     
     
    ***** [ Web browsers ] *****
     
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[S0].txt - [1005 Bytes] - [26/05/2017 14:30:47]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1078 Bytes] ##########
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.3 (04.10.2017)
    Operating System: Windows 7 Professional x64 
    Ran by Deann (Administrator) on Fri 05/26/2017 at 14:33:12.37
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 80 
     
     
    Deleted the following from C:\Users\Deann\AppData\Roaming\Mozilla\Firefox\Profiles\d5s8jt13.default\prefs.js
    user_pref(browser.urlbar.suggest.searches, true);
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 05/26/2017 at 14:38:09.54
    End of JRT log
     
     
    ~~~~~~~~~~~~~~~~
    Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
    System Idle Process 92.84 0 K 24 K 0
    procexp64.exe 4.72 28,932 K 59,736 K 4804 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    dwm.exe 0.95 38,316 K 65,276 K 2552 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
    Interrupts 0.54 0 K 0 K n/a Hardware Interrupts and DPCs
    chrome.exe 0.29 47,792 K 108,372 K 2488 Google Chrome Google Inc. (Verified) Google Inc
    System 0.28 168 K 1,624 K 4
    explorer.exe 0.07 50,028 K 63,192 K 2616 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
    QBCFMonitorService.exe 0.06 8,024 K 3,868 K 1596 QuickBooks Company File Monitoring Service Intuit (No signature was present in the subject) Intuit
    AvastSvc.exe 0.03 98,740 K 40,656 K 1628 Avast Service AVAST Software (Verified) AVAST Software s.r.o.
    svchost.exe 0.03 20,332 K 18,300 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.02 10,028 K 4,368 K 1820 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.02 24,028 K 15,832 K 840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    AvastUI.exe 0.02 22,604 K 21,028 K 5348 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.
    svchost.exe 0.02 33,104 K 29,396 K 1140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    BrYNSvc.exe 0.02 4,396 K 3,924 K 2760 BrYNCSvc Brother Industries, Ltd. (No signature was present in the subject) Brother Industries, Ltd.
    csrss.exe 0.01 15,944 K 16,996 K 452 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    lsm.exe 0.01 3,268 K 2,620 K 516 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
    wmpnetwk.exe 0.01 13,544 K 1,340 K 3300 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.01 17,580 K 13,348 K 3488 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 0.01 14,772 K 17,036 K 952 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    daemonu.exe 0.01 4,392 K 2,052 K 2300 NVIDIA Settings Update Manager NVIDIA Corporation (Verified) NVIDIA Corporation
    spoolsv.exe < 0.01 9,364 K 5,064 K 1256 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
    csrss.exe < 0.01 2,752 K 2,560 K 388 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
    dllhost.exe < 0.01 6,348 K 8,536 K 8856 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe < 0.01 36,660 K 28,820 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    OfficeClickToRun.exe < 0.01 48,144 K 13,784 K 7340 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
    SearchIndexer.exe < 0.01 24,440 K 15,256 K 1420 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
    nvvsvc.exe < 0.01 5,432 K 12,128 K 10192 NVIDIA Driver Helper Service, Version 309.08 NVIDIA Corporation (Verified) NVIDIA Corporation
    wuauclt.exe 2,880 K 1,652 K 344 Windows Update Microsoft Corporation (Verified) Microsoft Windows
    WmiPrvSE.exe 2,500 K 6,504 K 9724 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
    winlogon.exe 3,548 K 2,080 K 592 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
    wininit.exe 1,568 K 212 K 436 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
    TrustedInstaller.exe 10,268 K 2,404 K 4760 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 125,700 K 116,052 K 912 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 9,788 K 8,444 K 768 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 13,972 K 12,956 K 1292 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 3,532 K 3,856 K 364 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 5,072 K 4,472 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    svchost.exe 6,496 K 2,752 K 1460 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
    smss.exe 508 K 280 K 300 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
    services.exe 6,192 K 5,740 K 496 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
    QBIDPService.exe 10,916 K 700 K 1712 QBIDPService Intuit Inc. (No signature was present in the subject) Intuit Inc.
    procexp.exe 2,240 K 7,492 K 7256 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
    nvxdsync.exe 7,220 K 16,480 K 2848 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
    nvvsvc.exe 2,372 K 7,080 K 2664 NVIDIA Driver Helper Service, Version 309.08 NVIDIA Corporation (Verified) NVIDIA Corporation
    nvtray.exe 4,096 K 10,368 K 5504 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
    notepad.exe 1,444 K 9,372 K 3764 Notepad Microsoft Corporation (Verified) Microsoft Windows
    lsass.exe 20,076 K 10,496 K 508 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
    ctfmon.exe 2,156 K 4,640 K 8340 CTF Loader Microsoft Corporation (Verified) Microsoft Windows
    chrome.exe 65,284 K 89,708 K 7308 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 72,932 K 66,488 K 7876 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 2,284 K 5,868 K 8724 Google Chrome Google Inc. (Verified) Google Inc
    chrome.exe 2,444 K 6,668 K 6868 Google Chrome Google Inc. (Verified) Google Inc
    audiodg.exe 15,636 K 15,692 K 3324 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
    armsvc.exe 1,168 K 348 K 1396 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    JUNK.TXT
     
    Image Name                     PID Services                                    
    ========================= ======== ============================================
    System Idle Process              0 N/A                                         
    System                           4 N/A                                         
    smss.exe                       300 N/A                                         
    csrss.exe                      388 N/A                                         
    wininit.exe                    436 N/A                                         
    csrss.exe                      452 N/A                                         
    services.exe                   496 N/A                                         
    lsass.exe                      508 KeyIso, SamSs, VaultSvc                     
    lsm.exe                        516 N/A                                         
    winlogon.exe                   592 N/A                                         
    svchost.exe                    676 DcomLaunch, PlugPlay, Power                 
    svchost.exe                    768 RpcEptMapper, RpcSs                         
    svchost.exe                    840 AudioSrv, Dhcp, eventlog,                   
                                       HomeGroupProvider, lmhosts, wscsvc          
    svchost.exe                    912 AudioEndpointBuilder, CscService, hidserv,  
                                       HomeGroupListener, Netman, PcaSvc, SysMain, 
                                       TrkWks, UxSms, wudfsvc                      
    svchost.exe                    952 EventSystem, fdPHost, FontCache, netprofm,  
                                       nsi, WdiServiceHost                         
    svchost.exe                    984 Appinfo, BITS, Browser, iphlpsvc,           
                                       LanmanServer, MMCSS, ProfSvc, Schedule,     
                                       SENS, ShellHWDetection, Themes, Winmgmt,    
                                       wuauserv                                    
    svchost.exe                    364 gpsvc                                       
    svchost.exe                   1140 CryptSvc, Dnscache, LanmanWorkstation,      
                                       NlaSvc                                      
    spoolsv.exe                   1256 Spooler                                     
    svchost.exe                   1292 BFE, DPS, MpsSvc                            
    armsvc.exe                    1396 AdobeARMservice                             
    svchost.exe                   1460 DiagTrack                                   
    svchost.exe                   1540 FDResPub, SSDPSRV, upnphost, wcncsvc        
    QBCFMonitorService.exe        1596 QBCFMonitorService                          
    QBIDPService.exe              1712 QBVSS                                       
    svchost.exe                   1820 stisvc                                      
    dwm.exe                       2552 N/A                                         
    explorer.exe                  2616 N/A                                         
    BrYNSvc.exe                   2760 BrYNSvc                                     
    wmpnetwk.exe                  3300 WMPNetworkSvc                               
    svchost.exe                   3488 p2pimsvc, p2psvc, PNRPsvc                   
    daemonu.exe                   2300 nvUpdatusService                            
    wuauclt.exe                    344 N/A                                         
    TrustedInstaller.exe          4760 TrustedInstaller                            
    AvastSvc.exe                  1628 avast! Antivirus                            
    AvastUI.exe                   5348 N/A                                         
    OfficeClickToRun.exe          7340 ClickToRunSvc                               
    SearchIndexer.exe             1420 WSearch                                     
    ctfmon.exe                    8340 N/A                                         
    chrome.exe                    2488 N/A                                         
    chrome.exe                    8724 N/A                                         
    chrome.exe                    6868 N/A                                         
    chrome.exe                    7876 N/A                                         
    chrome.exe                    7308 N/A                                         
    nvvsvc.exe                    2664 nvsvc                                       
    nvxdsync.exe                  2848 N/A                                         
    nvvsvc.exe                   10192 N/A                                         
    nvtray.exe                    5504 N/A                                         
    dllhost.exe                   8856 N/A                                         
    Speccy64.exe                  9324 N/A                                         
    WmiPrvSE.exe                  8668 N/A                                         
    WmiPrvSE.exe                  5988 N/A                                         
    WmiPrvSE.exe                  7720 N/A                                         
    audiodg.exe                   2288 N/A                                         
    cmd.exe                       2364 N/A                                         
    conhost.exe                   5832 N/A                                         
    tasklist.exe                  7428 N/A                                         
     
     
    Thank You
     
     
     

    • 0

    #5
    RKinner

      Malware Expert

    • Expert
    • 20,677 posts
    • MVP

    Speccy says the video card is running a bit hot.  Let's get a second opinion:

     

     
     
    Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it (Win 7 or Vista right click and Run As Admin.).
     
    It will tell you your temps in real time tho the default is to show the hard drive temp in the systray when minimized.  You can change it:  Hit Configure then click on the highest temp and check Show in tray.
    What does it say is the temp for the Video or GPU?  Run a scan or watch a video and see how high it goes.
     
     
    Speccy also says you have one of those worthless Seagate drives.  It is showing a lot of errors but these in particular are worth noting:
     
    ID  Attribute name                 Real value  Current  Worst  Threshold  Raw Value   Status
    05  Reallocated Sectors Count      15          100      100    36         000000000F  Good
    ...
    BB  Reported Uncorrectable Errors  3,009       1        1      0          0000000BC1  Good

     

     
     
     
    Probably time to clone the drive.  If you have a choice and the budget get a Western Digital Black but anything other than a Seagate.  They just don't last.
     
    I don't see anything that could cause popups.  Are you still getting them?

    • 0

    #6
    Crisponator

      Member

    • Topic Starter
    • Member
    • 18 posts

    Hi again,

    During this whole episode I have not seen any pop ups.. I was acting on info provided. I guess we will run it for a while as before, turn the antivirus back on and monitor the situation.

     

    Thank you for all your help.

     

    BTW fan speed says the fans are running at above 10 and 20K rpms so something is wrong with that, I do see the GPU at 70C so I will look at the heat sink and fan. Probably dirty.

     

    Hard drive replacement is on the schedule.

     

    Cheers! :wave:


    • 0

    #7
    RKinner

      Malware Expert

    • Expert
    • 20,677 posts
    • MVP

    OK.  Once you clone and replace the drive, make sure you run a disk check:

    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check.  Reboot

     

    If you are going to put Avast back on let it do a boot-time scan:  (Maybe wait until you replace the hard drive and clean the heatsinks)  This can take a very long time so I usually let it run while I sleep.

     

     
    Open Avast
    Click on Protection
    Then on AntiVirus
    Then on Other Scans
    Then on Boot-time Scan
    Then on Install Specialized Definitions
    Run on Next PC reboot.
     
    Close Avast.
     
    When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
     
     
    Copy and paste the text from the log to a Reply when done.
     
     
    Time to clean up:
     
     
    If we installed Speccy it needs to be uninstalled.  FRST, Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted. 
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
     
     
    If you use Chrome/Firefox/Safari then get Ublock Origin add-on from:  https://www.ublock.org/
    Doesn't work on IE so for IE get the AdBlock Plus program.  Go to adblockplus.org
     
    If Chrome/Firefox is slow loading make sure Firefox only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    To prevent a relatively new phishing attack:  In Firefox, type:
     
    about:config
     
    in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in 
     
    puny
     
    You should only get one option:
    network.IDN_show_punycode
    We want it to say True but by default it is False so double click on it to toggle from False to True.
    Close and restart Firefox.
     
    To test it you can go to:
     
     
    If the value is false you will see https://www.apple.com instead of the correct value
     
     
    If you are a Facebook user get the FB Purity extension for your browser:
    This will stop all of the suggested pages and ads so that Facebook loads much quicker.
     
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    The free version does not update on its own so you should check for updated versions once in a while. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     

    • 0
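
The network.IDN_show_punycode setting in the post above decides whether an internationalized hostname is shown in its Unicode form or in its raw xn-- form. The following is an added example, not part of the original post, that converts between the two forms and reports which scripts each name uses; the hostnames are constructed samples and the function names and verdict labels are this example's own.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (internationalized) DNS label


def label_to_unicode(label: str) -> str:
    """Decode one DNS label; labels without the xn-- prefix pass through."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label


def label_to_ace(label: str) -> str:
    """Encode one label to its xn-- form; pure-ASCII labels pass through."""
    if label.isascii():
        return label
    return ACE_PREFIX + label.encode("punycode").decode("ascii")


def label_scripts(label: str) -> set:
    """Rough script detection from Unicode character names (a heuristic)."""
    found = set()
    for ch in label:
        if ch.isascii() and not ch.isalpha():
            continue  # ASCII digits and hyphens belong to no particular script
        found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def inspect_host(host: str) -> dict:
    """Return both display forms of a hostname plus a simple verdict."""
    labels = [label_to_unicode(part) for part in host.lower().split(".")]
    if all(label.isascii() for label in labels):
        verdict = "ascii"
    elif any(len(label_scripts(label)) > 1 for label in labels):
        verdict = "mixed-script"       # e.g. Latin letters plus one Cyrillic letter
    else:
        verdict = "single-script-idn"  # whole label in one script; can still be a lookalike
    return {
        "unicode": ".".join(labels),                          # what a Unicode display shows
        "ascii": ".".join(label_to_ace(l) for l in labels),   # what the punycode display shows
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed sample hostnames, not taken from the thread.
    samples = [
        "www.example.com",
        "xn--bcher-kva.example",   # decodes to a Latin name with an umlaut
        "ex\u0430mple.test",       # Latin letters with Cyrillic U+0430 in place of "a"
        "\u0441\u0430\u0440.test", # three Cyrillic letters that resemble Latin "cap"
    ]
    for host in samples:
        info = inspect_host(host)
        print(f"{info['ascii']:<28} {info['verdict']:<18} {info['unicode']}")
```

The all-Cyrillic sample is the case the setting is aimed at: a check for mixed scripts passes it, and only the xn-- form makes the difference from the Latin spelling visible.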





