alx21
2016-10-21, 00:06
Hi
As a WhatsApp user, yesterday I instinctively clicked on an email which informed me that my free use of the service had expired, and that I had to pay £0.99 subscription per year to continue to use the app. The link took me to an office-like page, which then immediately closed. I checked on Google, and it seems it was a virus scam. Only last week I patched up all my computers with the latest Windows updates, and my anti-virus scans have subsequently found nothing. However, I am worried I may have a sophisticated virus on board.
I would very much appreciate some help. My logs are below.
Thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by USER (administrator) on USER-PC (20-10-2016 20:52:53)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER & USER 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917584 2016-10-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\...\Run: [ToolwizTimeFreeze] => C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe [1660216 2014-08-03] (Toolwiz)
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-05] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{21397152-3929-4C96-A5CC-2BC57AA0CFCB}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1086040 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [475232 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [475232 2016-10-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1489240 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 ATSZIO; C:\Program Files (x86)\ASUS\ASUS PC Diagnostics\ATSZIO64.sys [19584 2013-01-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [177432 2016-10-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145536 2016-10-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [74512 2014-08-03] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [44304 2014-08-03] (Toolwiz.com)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-20 20:52 - 2016-10-20 20:53 - 00009068 _____ C:\Users\USER\Desktop\FRST.txt
2016-10-20 20:51 - 2016-10-20 20:52 - 00000000 ____D C:\FRST
2016-10-20 20:49 - 2016-10-20 18:16 - 05198336 _____ (AVAST Software) C:\Users\USER\Desktop\aswMBR.exe
2016-10-20 20:49 - 2016-10-20 18:16 - 02407424 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2016-10-14 03:37 - 2016-10-14 03:37 - 00000000 ____D C:\Users\USER\Desktop\Windows_Update_patch
2016-10-14 03:22 - 2016-07-22 15:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-14 03:22 - 2016-07-22 15:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-14 02:37 - 2016-09-30 21:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-14 02:37 - 2016-09-30 20:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-14 02:37 - 2016-09-30 16:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-14 02:37 - 2016-09-30 16:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-14 02:37 - 2016-09-30 16:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-14 02:37 - 2016-09-30 08:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-14 02:37 - 2016-09-30 07:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-14 02:37 - 2016-09-30 07:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-14 02:37 - 2016-09-30 07:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-14 02:37 - 2016-09-30 07:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-14 02:37 - 2016-09-30 07:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-14 02:37 - 2016-09-30 07:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-14 02:37 - 2016-09-30 07:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-14 02:37 - 2016-09-30 07:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-14 02:37 - 2016-09-30 07:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-14 02:37 - 2016-09-30 07:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-14 02:37 - 2016-09-30 07:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-14 02:37 - 2016-09-30 07:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-14 02:37 - 2016-09-30 07:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-14 02:37 - 2016-09-30 07:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-14 02:37 - 2016-09-30 06:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-14 02:37 - 2016-09-30 06:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-14 02:37 - 2016-09-30 06:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-14 02:37 - 2016-09-30 06:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-14 02:37 - 2016-09-30 06:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-14 02:37 - 2016-09-30 06:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-14 02:37 - 2016-09-30 06:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-14 02:37 - 2016-09-30 06:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-14 02:37 - 2016-09-30 06:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-14 02:37 - 2016-09-30 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-14 02:37 - 2016-09-30 06:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-14 02:37 - 2016-09-30 06:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-14 02:37 - 2016-09-30 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-14 02:37 - 2016-09-30 06:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-14 02:37 - 2016-09-30 06:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-14 02:37 - 2016-09-30 06:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-14 02:37 - 2016-09-30 06:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-14 02:37 - 2016-09-30 06:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-14 02:37 - 2016-09-30 06:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-14 02:37 - 2016-09-30 06:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-14 02:37 - 2016-09-30 06:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-14 02:37 - 2016-09-30 06:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-14 02:37 - 2016-09-30 06:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-14 02:37 - 2016-09-30 06:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-14 02:37 - 2016-09-30 06:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-14 02:37 - 2016-09-30 06:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-14 02:37 - 2016-09-30 06:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-14 02:37 - 2016-09-30 06:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-14 02:37 - 2016-09-30 06:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-14 02:37 - 2016-09-30 06:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-14 02:37 - 2016-09-30 06:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-14 02:37 - 2016-09-30 06:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-14 02:37 - 2016-09-30 06:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-14 02:37 - 2016-09-30 06:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-14 02:37 - 2016-09-30 06:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-14 02:37 - 2016-09-30 06:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-14 02:37 - 2016-09-30 06:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-14 02:37 - 2016-09-30 05:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-14 02:37 - 2016-09-30 05:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-14 02:37 - 2016-09-30 05:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-14 02:37 - 2016-09-30 05:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-14 02:37 - 2016-09-15 16:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-14 02:37 - 2016-09-15 16:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-14 02:37 - 2016-09-15 16:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-14 02:37 - 2016-09-15 16:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-14 02:37 - 2016-09-12 22:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-14 02:37 - 2016-09-12 22:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-14 02:37 - 2016-09-12 22:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-14 02:37 - 2016-09-12 21:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-14 02:37 - 2016-09-12 21:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-14 02:37 - 2016-09-12 21:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-14 02:37 - 2016-09-12 21:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-14 02:37 - 2016-09-12 21:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-14 02:37 - 2016-09-12 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-14 02:37 - 2016-09-12 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-14 02:37 - 2016-09-12 21:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-14 02:37 - 2016-09-12 20:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-14 02:37 - 2016-09-12 19:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-14 02:37 - 2016-09-12 19:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-14 02:37 - 2016-09-10 17:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-14 02:37 - 2016-09-10 16:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-14 02:37 - 2016-09-09 19:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-14 02:37 - 2016-09-09 19:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-14 02:37 - 2016-09-09 19:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-14 02:37 - 2016-09-09 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-14 02:37 - 2016-09-09 18:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-14 02:37 - 2016-09-09 18:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-14 02:37 - 2016-09-09 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-14 02:37 - 2016-09-09 18:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-14 02:37 - 2016-09-09 18:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-14 02:37 - 2016-09-09 18:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-14 02:37 - 2016-09-09 18:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-14 02:37 - 2016-09-09 18:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-14 02:37 - 2016-09-09 18:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-14 02:37 - 2016-09-08 15:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-14 02:37 - 2016-09-08 15:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-14 02:37 - 2016-08-12 18:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-14 02:37 - 2016-08-12 18:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-14 02:37 - 2016-08-12 18:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-14 02:37 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-14 02:37 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-14 02:37 - 2016-08-12 17:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-14 02:37 - 2016-08-12 17:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-14 02:37 - 2016-08-12 17:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-14 02:37 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-14 02:37 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-14 02:37 - 2016-08-12 17:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-14 02:37 - 2016-08-06 16:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-14 02:37 - 2016-08-06 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-14 02:37 - 2016-08-06 15:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-14 02:37 - 2016-08-06 15:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-14 02:37 - 2016-08-06 15:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-14 02:37 - 2016-06-14 18:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-14 02:37 - 2016-06-14 18:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-14 02:37 - 2016-06-14 18:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-14 02:37 - 2016-06-14 16:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-14 02:37 - 2016-06-14 16:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-14 02:37 - 2016-06-14 16:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-14 02:37 - 2016-06-14 16:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-14 02:37 - 2016-06-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-14 02:37 - 2016-06-14 16:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-14 02:37 - 2016-06-14 16:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-14 02:37 - 2016-06-14 16:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-14 01:57 - 2016-05-13 23:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-10-14 01:57 - 2016-05-13 22:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-10-14 01:57 - 2016-05-13 22:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-14 01:57 - 2016-05-13 22:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-10-14 01:57 - 2016-05-13 22:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-10-14 01:57 - 2016-05-12 18:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-10-14 01:57 - 2016-05-12 16:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-10-14 01:57 - 2016-05-12 16:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-10-14 01:57 - 2016-05-04 18:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-10-14 01:57 - 2016-05-04 18:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-10-14 01:57 - 2016-05-04 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-10-14 01:57 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-10-14 01:57 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-10-14 01:57 - 2016-05-04 18:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-10-14 01:57 - 2016-05-04 16:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-10-14 01:57 - 2016-05-04 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-10-14 01:56 - 2016-05-13 23:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-10-14 01:56 - 2016-05-13 23:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-10-14 01:56 - 2016-05-13 23:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-10-14 01:56 - 2016-05-13 22:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-14 01:56 - 2016-05-13 22:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-14 01:56 - 2016-05-13 22:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-10-14 01:56 - 2016-05-13 22:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-10-14 01:56 - 2016-05-13 22:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-10-14 01:56 - 2016-05-13 22:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-10-14 01:56 - 2016-05-13 22:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-10-14 01:56 - 2016-05-13 22:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-10-14 01:56 - 2016-05-04 18:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-10-14 01:56 - 2016-05-04 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-10-12 08:42 - 2016-07-07 16:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-12 08:42 - 2016-07-07 16:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-10-12 08:42 - 2016-07-07 16:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-10-12 08:42 - 2016-07-07 16:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-10-12 04:22 - 2016-10-12 04:22 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-10-10 08:56 - 2016-09-12 22:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-10 08:56 - 2016-09-12 22:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-10 08:56 - 2016-08-16 21:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-10 08:56 - 2016-08-16 18:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-10 08:56 - 2016-08-16 03:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-10 08:56 - 2016-08-12 17:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-10 08:56 - 2016-08-12 17:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-10 08:56 - 2016-08-12 17:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-10 08:56 - 2016-08-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-10 08:56 - 2016-08-05 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-10 08:52 - 2016-08-29 16:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-10 08:52 - 2016-08-29 16:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-10 08:52 - 2016-08-29 16:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-10 08:52 - 2016-08-29 16:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-10 08:52 - 2016-08-29 16:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-10 08:52 - 2016-08-29 16:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-10 08:52 - 2016-08-29 16:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-10 08:52 - 2016-08-29 15:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-10 08:49 - 2016-08-06 16:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-10 08:49 - 2016-08-06 16:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-10-10 07:17 - 2016-06-25 20:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-10-10 07:17 - 2016-06-25 20:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-10-10 07:17 - 2016-06-25 20:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-10-10 07:17 - 2016-06-25 20:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-10-10 07:17 - 2016-06-25 20:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-10-10 07:17 - 2016-05-18 17:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-10-10 07:17 - 2016-05-18 17:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-10-10 07:17 - 2016-05-13 23:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-10-10 07:17 - 2016-05-13 22:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-10-10 07:17 - 2016-05-13 22:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-10-10 07:17 - 2016-05-13 22:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-10-10 07:17 - 2016-05-13 22:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-10-10 07:17 - 2016-05-13 22:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-10-10 07:17 - 2016-05-12 18:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-10-10 07:17 - 2016-05-12 18:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-10-10 07:17 - 2016-05-12 14:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-10-10 07:17 - 2016-05-12 14:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-10-10 07:17 - 2016-05-12 14:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-10-10 07:17 - 2016-05-11 16:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-10-10 07:17 - 2016-05-11 16:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-10-10 07:17 - 2016-05-11 15:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-09-30 00:21 - 2016-04-14 14:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-09-30 00:21 - 2016-04-14 14:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-09-30 00:21 - 2016-04-09 08:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-09-30 00:21 - 2016-04-09 08:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-09-30 00:21 - 2016-04-09 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-09-30 00:19 - 2016-04-09 05:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-09-30 00:19 - 2016-04-09 04:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-09-19 17:21 - 2016-09-19 17:21 - 00001134 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-08-05 15:09 - 2016-08-05 15:09 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-08-05 15:09 - 2016-08-05 15:09 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2016-08-05 15:09 - 2016-08-05 15:09 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-08-05 15:09 - 2016-08-05 15:09 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-20 20:49 - 2009-07-14 06:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-20 20:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-10-20 20:32 - 2014-07-28 09:36 - 00000000 ____D C:\Users\USER\Desktop\Reg_Merge
2016-10-20 20:13 - 2009-07-14 05:45 - 00014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-20 20:13 - 2009-07-14 05:45 - 00014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-20 20:05 - 2014-06-15 00:30 - 00000000 __SHD C:\Users\USER\IntelGraphicsProfiles
2016-10-20 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 17:55 - 2014-06-15 23:51 - 00000000 __SHD C:\Users\USER 2\IntelGraphicsProfiles
2016-10-19 14:59 - 2015-10-17 01:20 - 02434820 _____ C:\Windows\ntbtlog.txt
2016-10-19 14:47 - 2016-01-15 04:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-16 08:41 - 2015-01-04 10:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-10-14 02:46 - 2009-07-14 05:45 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-14 02:45 - 2015-04-19 20:54 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-14 02:45 - 2014-06-05 14:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-14 02:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-14 02:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-14 02:42 - 2014-06-05 14:49 - 00767472 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-12 07:55 - 2015-12-05 04:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-12 07:55 - 2015-05-15 20:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-12 04:23 - 2016-06-02 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-12 04:22 - 2015-01-04 08:52 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-10-12 04:22 - 2015-01-04 08:52 - 00145536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
==================== Files in the root of some directories =======
2014-06-03 19:00 - 2014-06-03 19:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\USER\AppData\Local\Temp\avgnt.exe
C:\Users\USER\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\USER 2\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-14 18:31
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by USER (20-10-2016 20:53:18)
Running from C:\Users\USER\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-06-03 06:06:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3637568697-3626813344-1068635648-500 - Administrator - Disabled)
Guest (S-1-5-21-3637568697-3626813344-1068635648-501 - Limited - Disabled)
USER (S-1-5-21-3637568697-3626813344-1068635648-1000 - Administrator - Enabled) => C:\Users\USER
USER 2 (S-1-5-21-3637568697-3626813344-1068635648-1001 - Limited - Enabled) => C:\Users\USER 2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.3.0 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.22.54 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Toolwiz Time Freeze 2014 (HKLM-x32\...\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}) (Version: 2.2.0.6000 - Toolwiz)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3637568697-3626813344-1068635648-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {48AF3E03-914E-4AC3-B4FF-B47EB2CF9338} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {D9890C05-6363-4432-8AA8-D7F8D7221BCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-19 22:28 - 2012-08-21 16:07 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-10-19 22:29 - 2012-08-21 16:07 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-06-03 07:33 - 2013-05-07 15:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-06-03 07:33 - 2016-10-20 20:05 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-06-03 07:33 - 2013-05-07 15:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-06-03 07:37 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/02/2016 07:25:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4D00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (03/14/2016 02:44:48 AM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (02/17/2016 10:48:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (01/15/2016 01:13:51 AM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (10/20/2016 08:48:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/20/2016 08:48:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/20/2016 08:48:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/20/2016 08:05:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:12:09 on 20/10/2016 was unexpected.
Error: (10/20/2016 05:54:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:15:37 on 20/10/2016 was unexpected.
Error: (10/19/2016 02:58:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:56:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:53:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:52:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 21%
Total physical RAM: 7872.14 MB
Available physical RAM: 6186.6 MB
Total Virtual: 15742.46 MB
Available Virtual: 13988.02 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:367.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 253A95FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-10-20 20:55:38
-----------------------------
20:55:38.526 OS Version: Windows x64 6.1.7601 Service Pack 1
20:55:38.526 Number of processors: 4 586 0x3C03
20:55:38.526 ComputerName: USER-PC UserName: USER
20:55:39.321 Initialize success
20:55:39.353 VM: initialized successfully
20:55:39.353 VM: Intel CPU BiosDisabled
20:55:58.505 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:55:58.505 Disk 0 Vendor: WDC_WD5003AZEX-00MK2A0 01.01A01 Size: 476940MB BusType: 11
20:55:58.693 Disk 0 MBR read successfully
20:55:58.708 Disk 0 MBR scan
20:55:58.708 Disk 0 Windows 7 default MBR code
20:55:58.739 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:55:58.755 Disk 0 default boot code
20:55:58.755 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:55:58.786 Disk 0 scanning C:\Windows\system32\drivers
20:56:02.593 Service scanning
20:56:09.769 Modules scanning
20:56:09.784 Disk 0 trace - called modules:
20:56:09.815 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:56:09.815 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078ed060]
20:56:09.831 3 CLASSPNP.SYS[fffff880017b043f] -> nt!IofCallDriver -> [0xfffffa800772fc50]
20:56:09.831 5 iaStorF.sys[fffff880018b5a84] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800733a060]
20:56:09.847 Disk 0 statistics 96488/0/0 @ 12.57 MB/s
20:56:09.847 Scan finished successfully
20:56:27.678 Disk 0 MBR has been saved successfully to "C:\Users\USER\Desktop\MBR.dat"
20:56:27.678 The log file has been saved successfully to "C:\Users\USER\Desktop\aswMBR.txt"
As a WhatsApp user, yesterday I instinctively clicked on an email which informed me that my free use of the service had expired, and that I had to pay £0.99 subscription per year to continue to use the app. The link took me to an office-like page, which then immediately closed. I checked on Google, and it seems it was a virus scam. Only last week I patched up all my computers with the latest Windows updates, and my anti-virus scans have subsequently found nothing. However, I am worried I may have a sophisticated virus on board.
I would very much appreciate some help. My logs are below.
Thanks.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by USER (administrator) on USER-PC (20-10-2016 20:52:53)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER (Available Profiles: USER & USER 2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917584 2016-10-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\...\Run: [ToolwizTimeFreeze] => C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe [1660216 2014-08-03] (Toolwiz)
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-05] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{21397152-3929-4C96-A5CC-2BC57AA0CFCB}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Internet Explorer:
==================
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1086040 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [475232 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [475232 2016-10-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1489240 2016-10-12] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S3 ATSZIO; C:\Program Files (x86)\ASUS\ASUS PC Diagnostics\ATSZIO64.sys [19584 2013-01-16] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [177432 2016-10-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145536 2016-10-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [74512 2014-08-03] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [44304 2014-08-03] (Toolwiz.com)
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-20 20:52 - 2016-10-20 20:53 - 00009068 _____ C:\Users\USER\Desktop\FRST.txt
2016-10-20 20:51 - 2016-10-20 20:52 - 00000000 ____D C:\FRST
2016-10-20 20:49 - 2016-10-20 18:16 - 05198336 _____ (AVAST Software) C:\Users\USER\Desktop\aswMBR.exe
2016-10-20 20:49 - 2016-10-20 18:16 - 02407424 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2016-10-14 03:37 - 2016-10-14 03:37 - 00000000 ____D C:\Users\USER\Desktop\Windows_Update_patch
2016-10-14 03:22 - 2016-07-22 15:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-14 03:22 - 2016-07-22 15:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-14 02:37 - 2016-09-30 21:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-14 02:37 - 2016-09-30 20:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-14 02:37 - 2016-09-30 16:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-14 02:37 - 2016-09-30 16:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-14 02:37 - 2016-09-30 16:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-14 02:37 - 2016-09-30 08:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-14 02:37 - 2016-09-30 07:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-14 02:37 - 2016-09-30 07:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-14 02:37 - 2016-09-30 07:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-14 02:37 - 2016-09-30 07:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-14 02:37 - 2016-09-30 07:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-14 02:37 - 2016-09-30 07:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-14 02:37 - 2016-09-30 07:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-14 02:37 - 2016-09-30 07:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-14 02:37 - 2016-09-30 07:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-14 02:37 - 2016-09-30 07:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-14 02:37 - 2016-09-30 07:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-14 02:37 - 2016-09-30 07:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-14 02:37 - 2016-09-30 07:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-14 02:37 - 2016-09-30 07:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-14 02:37 - 2016-09-30 07:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-14 02:37 - 2016-09-30 06:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-14 02:37 - 2016-09-30 06:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-14 02:37 - 2016-09-30 06:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-14 02:37 - 2016-09-30 06:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-14 02:37 - 2016-09-30 06:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-14 02:37 - 2016-09-30 06:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-14 02:37 - 2016-09-30 06:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-14 02:37 - 2016-09-30 06:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-14 02:37 - 2016-09-30 06:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-14 02:37 - 2016-09-30 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-14 02:37 - 2016-09-30 06:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-14 02:37 - 2016-09-30 06:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-14 02:37 - 2016-09-30 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-14 02:37 - 2016-09-30 06:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-14 02:37 - 2016-09-30 06:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-14 02:37 - 2016-09-30 06:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-14 02:37 - 2016-09-30 06:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-14 02:37 - 2016-09-30 06:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-14 02:37 - 2016-09-30 06:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-14 02:37 - 2016-09-30 06:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-14 02:37 - 2016-09-30 06:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-14 02:37 - 2016-09-30 06:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-14 02:37 - 2016-09-30 06:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-14 02:37 - 2016-09-30 06:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-14 02:37 - 2016-09-30 06:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-14 02:37 - 2016-09-30 06:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-14 02:37 - 2016-09-30 06:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-14 02:37 - 2016-09-30 06:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-14 02:37 - 2016-09-30 06:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-14 02:37 - 2016-09-30 06:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-14 02:37 - 2016-09-30 06:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-14 02:37 - 2016-09-30 06:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-14 02:37 - 2016-09-30 06:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-14 02:37 - 2016-09-30 06:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-14 02:37 - 2016-09-30 06:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-14 02:37 - 2016-09-30 06:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-14 02:37 - 2016-09-30 06:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-14 02:37 - 2016-09-30 06:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-14 02:37 - 2016-09-30 05:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-14 02:37 - 2016-09-30 05:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-14 02:37 - 2016-09-30 05:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-14 02:37 - 2016-09-30 05:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-14 02:37 - 2016-09-15 16:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-14 02:37 - 2016-09-15 16:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-14 02:37 - 2016-09-15 16:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-14 02:37 - 2016-09-15 16:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-14 02:37 - 2016-09-12 22:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-14 02:37 - 2016-09-12 22:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-14 02:37 - 2016-09-12 22:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-14 02:37 - 2016-09-12 22:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-14 02:37 - 2016-09-12 21:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-14 02:37 - 2016-09-12 21:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-14 02:37 - 2016-09-12 21:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-14 02:37 - 2016-09-12 21:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-14 02:37 - 2016-09-12 21:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-14 02:37 - 2016-09-12 21:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-14 02:37 - 2016-09-12 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-14 02:37 - 2016-09-12 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-14 02:37 - 2016-09-12 21:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-14 02:37 - 2016-09-12 20:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-14 02:37 - 2016-09-12 19:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-14 02:37 - 2016-09-12 19:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-14 02:37 - 2016-09-10 17:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-14 02:37 - 2016-09-10 16:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-14 02:37 - 2016-09-09 19:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-14 02:37 - 2016-09-09 19:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-14 02:37 - 2016-09-09 19:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 19:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-14 02:37 - 2016-09-09 19:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-14 02:37 - 2016-09-09 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-14 02:37 - 2016-09-09 18:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-14 02:37 - 2016-09-09 18:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-14 02:37 - 2016-09-09 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-14 02:37 - 2016-09-09 18:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-14 02:37 - 2016-09-09 18:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-14 02:37 - 2016-09-09 18:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-14 02:37 - 2016-09-09 18:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-14 02:37 - 2016-09-09 18:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-14 02:37 - 2016-09-09 18:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-14 02:37 - 2016-09-09 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-14 02:37 - 2016-09-08 21:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-14 02:37 - 2016-09-08 15:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-14 02:37 - 2016-09-08 15:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-14 02:37 - 2016-08-12 18:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-14 02:37 - 2016-08-12 18:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-14 02:37 - 2016-08-12 18:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-14 02:37 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-14 02:37 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-14 02:37 - 2016-08-12 17:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-14 02:37 - 2016-08-12 17:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-14 02:37 - 2016-08-12 17:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-14 02:37 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-14 02:37 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-14 02:37 - 2016-08-12 17:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-14 02:37 - 2016-08-06 16:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-14 02:37 - 2016-08-06 16:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-14 02:37 - 2016-08-06 16:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-14 02:37 - 2016-08-06 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-14 02:37 - 2016-08-06 15:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-14 02:37 - 2016-08-06 15:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-14 02:37 - 2016-08-06 15:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-14 02:37 - 2016-06-14 18:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-14 02:37 - 2016-06-14 18:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-14 02:37 - 2016-06-14 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-14 02:37 - 2016-06-14 18:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-14 02:37 - 2016-06-14 16:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-14 02:37 - 2016-06-14 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-14 02:37 - 2016-06-14 16:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-14 02:37 - 2016-06-14 16:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-14 02:37 - 2016-06-14 16:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-14 02:37 - 2016-06-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-14 02:37 - 2016-06-14 16:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-14 02:37 - 2016-06-14 16:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-14 02:37 - 2016-06-14 16:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-14 01:57 - 2016-05-13 23:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-10-14 01:57 - 2016-05-13 22:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-10-14 01:57 - 2016-05-13 22:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-10-14 01:57 - 2016-05-13 22:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-10-14 01:57 - 2016-05-13 22:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-10-14 01:57 - 2016-05-12 18:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-10-14 01:57 - 2016-05-12 16:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-10-14 01:57 - 2016-05-12 16:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-10-14 01:57 - 2016-05-04 18:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-10-14 01:57 - 2016-05-04 18:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-10-14 01:57 - 2016-05-04 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-10-14 01:57 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-10-14 01:57 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-10-14 01:57 - 2016-05-04 18:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-10-14 01:57 - 2016-05-04 16:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-10-14 01:57 - 2016-05-04 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-10-14 01:56 - 2016-05-13 23:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-10-14 01:56 - 2016-05-13 23:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-10-14 01:56 - 2016-05-13 23:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-10-14 01:56 - 2016-05-13 22:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-10-14 01:56 - 2016-05-13 22:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-10-14 01:56 - 2016-05-13 22:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-10-14 01:56 - 2016-05-13 22:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-10-14 01:56 - 2016-05-13 22:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-10-14 01:56 - 2016-05-13 22:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-10-14 01:56 - 2016-05-13 22:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-10-14 01:56 - 2016-05-13 22:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-10-14 01:56 - 2016-05-04 18:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-10-14 01:56 - 2016-05-04 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-10-12 08:42 - 2016-07-07 16:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-12 08:42 - 2016-07-07 16:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-10-12 08:42 - 2016-07-07 16:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-10-12 08:42 - 2016-07-07 16:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-10-12 04:22 - 2016-10-12 04:22 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-10-10 08:56 - 2016-09-12 22:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-10 08:56 - 2016-09-12 22:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-10 08:56 - 2016-09-09 16:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-10 08:56 - 2016-08-16 21:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-10 08:56 - 2016-08-16 21:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-10 08:56 - 2016-08-16 18:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-10 08:56 - 2016-08-16 03:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-10 08:56 - 2016-08-12 17:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-10-10 08:56 - 2016-08-12 17:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-10-10 08:56 - 2016-08-12 17:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-10-10 08:56 - 2016-08-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-10-10 08:56 - 2016-08-05 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-10-10 08:52 - 2016-08-29 16:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-10 08:52 - 2016-08-29 16:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-10 08:52 - 2016-08-29 16:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-10 08:52 - 2016-08-29 16:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-10 08:52 - 2016-08-29 16:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-10 08:52 - 2016-08-29 16:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-10 08:52 - 2016-08-29 16:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-10 08:52 - 2016-08-29 15:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-10 08:49 - 2016-08-06 16:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-10-10 08:49 - 2016-08-06 16:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-10-10 07:17 - 2016-06-26 01:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-10-10 07:17 - 2016-06-25 20:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-10-10 07:17 - 2016-06-25 20:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-10-10 07:17 - 2016-06-25 20:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-10-10 07:17 - 2016-06-25 20:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-10-10 07:17 - 2016-06-25 20:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-10-10 07:17 - 2016-05-18 17:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-10-10 07:17 - 2016-05-18 17:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-10-10 07:17 - 2016-05-13 23:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-10-10 07:17 - 2016-05-13 23:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-10-10 07:17 - 2016-05-13 22:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-10-10 07:17 - 2016-05-13 22:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-10-10 07:17 - 2016-05-13 22:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-10-10 07:17 - 2016-05-13 22:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-10-10 07:17 - 2016-05-13 22:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-10-10 07:17 - 2016-05-12 18:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-10-10 07:17 - 2016-05-12 18:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-10-10 07:17 - 2016-05-12 18:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-10-10 07:17 - 2016-05-12 16:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-10-10 07:17 - 2016-05-12 14:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-10-10 07:17 - 2016-05-12 14:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-10-10 07:17 - 2016-05-12 14:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-10-10 07:17 - 2016-05-11 18:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-10-10 07:17 - 2016-05-11 16:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-10-10 07:17 - 2016-05-11 16:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-10-10 07:17 - 2016-05-11 16:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-10-10 07:17 - 2016-05-11 15:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-09-30 00:21 - 2016-04-14 14:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-09-30 00:21 - 2016-04-14 14:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-09-30 00:21 - 2016-04-09 08:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-09-30 00:21 - 2016-04-09 08:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-09-30 00:21 - 2016-04-09 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-09-30 00:19 - 2016-04-09 05:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-09-30 00:19 - 2016-04-09 04:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-09-19 17:21 - 2016-09-19 17:21 - 00001134 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-08-05 15:09 - 2016-08-05 15:09 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-08-05 15:09 - 2016-08-05 15:09 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2016-08-05 15:09 - 2016-08-05 15:09 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2016-08-05 15:09 - 2016-08-05 15:09 - 00019104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2016-08-05 15:02 - 2016-08-05 15:02 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-20 20:49 - 2009-07-14 06:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-20 20:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-10-20 20:32 - 2014-07-28 09:36 - 00000000 ____D C:\Users\USER\Desktop\Reg_Merge
2016-10-20 20:13 - 2009-07-14 05:45 - 00014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-20 20:13 - 2009-07-14 05:45 - 00014112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-20 20:05 - 2014-06-15 00:30 - 00000000 __SHD C:\Users\USER\IntelGraphicsProfiles
2016-10-20 20:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 17:55 - 2014-06-15 23:51 - 00000000 __SHD C:\Users\USER 2\IntelGraphicsProfiles
2016-10-19 14:59 - 2015-10-17 01:20 - 02434820 _____ C:\Windows\ntbtlog.txt
2016-10-19 14:47 - 2016-01-15 04:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-16 08:41 - 2015-01-04 10:23 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-10-14 02:46 - 2009-07-14 05:45 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-14 02:45 - 2015-04-19 20:54 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-14 02:45 - 2014-06-05 14:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-14 02:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-14 02:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-14 02:42 - 2014-06-05 14:49 - 00767472 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-12 07:55 - 2015-12-05 04:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-12 07:55 - 2015-05-15 20:58 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-12 04:23 - 2016-06-02 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-12 04:22 - 2015-01-04 08:52 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-10-12 04:22 - 2015-01-04 08:52 - 00145536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
==================== Files in the root of some directories =======
2014-06-03 19:00 - 2014-06-03 19:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\USER\AppData\Local\Temp\avgnt.exe
C:\Users\USER\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\USER 2\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-14 18:31
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by USER (20-10-2016 20:53:18)
Running from C:\Users\USER\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-06-03 06:06:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3637568697-3626813344-1068635648-500 - Administrator - Disabled)
Guest (S-1-5-21-3637568697-3626813344-1068635648-501 - Limited - Disabled)
USER (S-1-5-21-3637568697-3626813344-1068635648-1000 - Administrator - Enabled) => C:\Users\USER
USER 2 (S-1-5-21-3637568697-3626813344-1068635648-1001 - Limited - Enabled) => C:\Users\USER 2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.3.0 - ASUSTeK Computer Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.22.54 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Toolwiz Time Freeze 2014 (HKLM-x32\...\{3A74D01E-3AEF-4DF4-8404-0056150C97A3}) (Version: 2.2.0.6000 - Toolwiz)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3637568697-3626813344-1068635648-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {48AF3E03-914E-4AC3-B4FF-B47EB2CF9338} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {D9890C05-6363-4432-8AA8-D7F8D7221BCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-19 22:28 - 2012-08-21 16:07 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-10-19 22:29 - 2012-08-21 16:07 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-06-03 07:33 - 2013-05-07 15:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-06-03 07:33 - 2016-10-20 20:05 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-06-03 07:33 - 2013-05-07 15:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-06-03 07:37 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3637568697-3626813344-1068635648-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\USER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/02/2016 07:25:54 PM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F104E4D00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (03/14/2016 02:44:48 AM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (02/17/2016 10:48:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (01/15/2016 01:13:51 AM) (Source: MsiInstaller) (EventID: 1024) (User: USER-PC)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5800}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (08/28/2015 01:46:53 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (10/20/2016 08:48:27 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/20/2016 08:48:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/20/2016 08:48:26 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
Error: (10/20/2016 08:05:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:12:09 on 20/10/2016 was unexpected.
Error: (10/20/2016 05:54:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:15:37 on 20/10/2016 was unexpected.
Error: (10/19/2016 02:58:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:56:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:53:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:52:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (10/19/2016 02:52:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 21%
Total physical RAM: 7872.14 MB
Available physical RAM: 6186.6 MB
Total Virtual: 15742.46 MB
Available Virtual: 13988.02 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:367.28 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 253A95FA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-10-20 20:55:38
-----------------------------
20:55:38.526 OS Version: Windows x64 6.1.7601 Service Pack 1
20:55:38.526 Number of processors: 4 586 0x3C03
20:55:38.526 ComputerName: USER-PC UserName: USER
20:55:39.321 Initialize success
20:55:39.353 VM: initialized successfully
20:55:39.353 VM: Intel CPU BiosDisabled
20:55:58.505 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:55:58.505 Disk 0 Vendor: WDC_WD5003AZEX-00MK2A0 01.01A01 Size: 476940MB BusType: 11
20:55:58.693 Disk 0 MBR read successfully
20:55:58.708 Disk 0 MBR scan
20:55:58.708 Disk 0 Windows 7 default MBR code
20:55:58.739 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:55:58.755 Disk 0 default boot code
20:55:58.755 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:55:58.786 Disk 0 scanning C:\Windows\system32\drivers
20:56:02.593 Service scanning
20:56:09.769 Modules scanning
20:56:09.784 Disk 0 trace - called modules:
20:56:09.815 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:56:09.815 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078ed060]
20:56:09.831 3 CLASSPNP.SYS[fffff880017b043f] -> nt!IofCallDriver -> [0xfffffa800772fc50]
20:56:09.831 5 iaStorF.sys[fffff880018b5a84] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800733a060]
20:56:09.847 Disk 0 statistics 96488/0/0 @ 12.57 MB/s
20:56:09.847 Scan finished successfully
20:56:27.678 Disk 0 MBR has been saved successfully to "C:\Users\USER\Desktop\MBR.dat"
20:56:27.678 The log file has been saved successfully to "C:\Users\USER\Desktop\aswMBR.txt"