Jump to content


Photo

Logpab.dll keeps triggering Fix-It Utilities Active Defense


  • This topic is locked This topic is locked
4 replies to this topic

#1 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 20 October 2016 - 11:37 PM

Fix-It Utilities Active Defense is being repeatedly triggered by the following file:

Parent Process: C:\Program Files\Mozilla Firefox\firefox.exe
File: C:\Users\Francis\AppData\Local\IomUmcu\Logpab.dll

Parent Process: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
File: C:\Users\Francis\AppData\Local\IomUmcu\Logpab.dll
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/20/2016
Scan Time: 3:52 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.20.15
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Francis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301517
Time Elapsed: 9 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Francis (administrator) on FRANCIS-PC (20-10-2016 15:43:45)
Running from C:\Users\Francis\Desktop
Loaded Profiles: Francis (Available Profiles: Francis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Avanquest Software North America) C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe
(Avanquest Software) C:\Program Files (x86)\Avanquest\Fix-It\MXTask2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(GFI Software) C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBAMSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\Francis\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(magicJack L.P.) C:\Users\Francis\AppData\Roaming\mjusbsp\magicJack.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2014-09-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-24] (Intel Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [cdloader] => C:\Users\Francis\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [BingSvc] => C:\Users\Francis\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [{EBF71F1A-4B01-4C28-850D-12E6552732D4}] => regsvr32.exe "C:\Users\Francis\AppData\Local\IomUmcu\Logpab.dll"
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\MountPoints2: F - F:\autorun.exe
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\MountPoints2: {49038547-4570-11e6-8aac-806e6f6e6963} - D:\Start.exe
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\MountPoints2: {bb6131ef-4567-11e6-b065-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2016-07-17]
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2CF70BD1-8F45-4A56-BA1E-278F84E8FFBD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8B3DFC35-7B4D-43C4-BBE5-D1CEE908CCDC}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318 [2016-10-20]
FF Homepage: Mozilla\Firefox\Profiles\abyovej7.default-1468133131318 -> hxxp://www.tvguide.com/listings/
hxxps://calendar.yahoo.com/
hxxps://www.att.com/olam/loginAction.olamexecute?sessionTimeOutAutoLogout=true&vhname=www.att.com:443
hxxps://us-mg5.mail.yahoo.com/neo/launch
hxxp://chess.math.com/index.html?b=&h=queen&i=slow#
hxxp://mingle2.com/user/step1?nexturl=http%3A%2F%2Fmingle2.com%2Fmutual_match%2Fmatch%2F15538094
hxxp://www.pof.com/meetme.aspx#meetmetop
hxxp://www.tvmuse.com/
hxxps://www.amazon.com/gp/cart/view.html/ref=nav_cart
hxxp://www.tvguide.com/listings/
hxxp://www.sfgate.com/tv/
hxxps://www.foodsco.net/#/weeklyAdCarousel
FF NetworkProxy: Mozilla\Firefox\Profiles\abyovej7.default-1468133131318 -> type", 0
FF Extension: (Ghostery) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\firefox@ghostery.com.xpi [2016-09-21]
FF Extension: (HTTPS Everywhere) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\https-everywhere@eff.org.xpi [2016-10-09]
FF Extension: (NO Google Analytics) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi [2016-07-10]
FF Extension: (LastPass) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\support@lastpass.com [2016-08-07]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\tineye@ideeinc.com.xpi [2016-09-01]
FF Extension: (uBlock Origin) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\uBlock0@raymondhill.net.xpi [2016-10-03]
FF Extension: (Clean Links) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2016-07-10]
FF Extension: (Bluhell Firewall) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2016-08-09]
FF Extension: (NoScript) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-28]
FF Extension: (QuickJava) - C:\Users\Francis\AppData\Roaming\Mozilla\Firefox\Profiles\abyovej7.default-1468133131318\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-09]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-29] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 .AVQWindowsMonitorService; C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe [249192 2013-12-13] (Avanquest Software)
R2 AQFileRestoreSrv; C:\Program Files (x86)\Avanquest\Fix-It\AQFileRestoreSrv.exe [82816 2013-12-13] (Avanquest Software)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-27] ()
R2 Fix-It Task Manager; C:\Program Files (x86)\Avanquest\Fix-It\MXTask.exe [534472 2013-12-13] (Avanquest Software)
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-29] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-29] (NVIDIA Corporation)
R2 SBAMSvc; C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\SBAMSvc.exe [3677000 2012-11-06] (GFI Software)
R2 VCOMCloudAgent; C:\Program Files (x86)\Avanquest\Fix-It\VcomCloudAgent.exe [133504 2013-12-13] (Avanquest Software North America)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-07-08] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AQFileRestore; C:\Windows\System32\DRIVERS\AQFileRestore.sys [21584 2013-12-13] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-27] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 mv2; C:\Windows\System32\DRIVERS\mv2.sys [12904 2013-10-24] (UVNC BVBA)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-29] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 15:43 - 2016-10-20 15:43 - 00014938 _____ C:\Users\Francis\Desktop\FRST.txt
2016-10-20 15:43 - 2016-10-20 15:43 - 00000000 ____D C:\FRST
2016-10-20 15:29 - 2016-10-20 15:39 - 00000000 ____D C:\Users\Francis\Desktop\Scan Logs
2016-10-20 15:29 - 2016-10-20 15:29 - 00000117 _____ C:\Users\Francis\Desktop\Problem files.txt
2016-10-20 15:10 - 2016-10-20 15:10 - 02407424 _____ (Farbar) C:\Users\Francis\Desktop\FRST64.exe
2016-10-20 14:41 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-20 14:41 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-18 23:37 - 2016-10-18 23:37 - 00000000 _____ C:\autoexec.bat
2016-10-16 02:53 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-16 02:53 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-16 02:53 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-16 02:53 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-16 02:53 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-16 02:53 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-16 02:53 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-16 02:53 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-16 02:53 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-16 02:53 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-16 02:53 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-16 02:53 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-16 02:53 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-16 02:53 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-16 02:53 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-16 02:53 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-16 02:53 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-16 02:53 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-16 02:53 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-16 02:53 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-16 02:53 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-16 02:53 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-16 02:53 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-16 02:53 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-16 02:53 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-16 02:53 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-16 02:53 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-16 02:53 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-16 02:53 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-16 02:53 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-16 02:53 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-16 02:53 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-16 02:53 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-16 02:53 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-16 02:53 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-16 02:53 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-16 02:52 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-16 02:52 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-16 02:52 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-16 02:52 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-16 02:52 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-16 02:52 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-16 02:52 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-16 02:52 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-16 02:52 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-16 02:52 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-16 02:52 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-16 02:52 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-16 02:52 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-16 02:52 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-16 02:52 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-16 02:52 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-16 02:52 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-16 02:52 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-16 02:52 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-16 02:52 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-16 02:52 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-16 02:52 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-16 02:52 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-16 02:52 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-16 02:52 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-16 02:52 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-16 02:52 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-16 02:52 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-16 02:52 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-16 02:52 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-16 02:52 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-16 02:52 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-16 02:52 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-16 02:52 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-16 02:52 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-16 02:52 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-16 02:52 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-16 02:52 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-16 02:52 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-16 02:52 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-16 02:52 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-16 02:52 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-16 02:52 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-16 02:52 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-16 02:52 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-16 02:52 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-16 02:52 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-16 02:52 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-16 02:52 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-16 02:52 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-16 02:52 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-16 02:52 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-16 02:52 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-16 02:52 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-16 02:52 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-16 02:52 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-16 02:52 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-16 02:52 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-16 02:52 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-16 02:52 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-16 02:52 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-16 02:52 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-16 02:52 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-16 02:52 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-16 02:52 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-16 02:52 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-16 02:52 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-16 02:52 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-16 02:52 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-16 02:52 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-16 02:52 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-16 02:52 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-16 02:52 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-16 02:52 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-16 02:52 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-16 02:52 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-16 02:52 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-16 02:52 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-16 02:52 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-16 02:52 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-16 02:52 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-16 02:52 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-16 02:52 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-16 02:52 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-16 02:52 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-16 02:52 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-16 02:52 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-16 02:52 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-16 02:52 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-16 02:52 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-16 02:52 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-16 02:52 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-16 02:52 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-16 02:52 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-16 02:52 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-16 02:52 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-16 02:52 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-16 02:52 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-16 02:52 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-16 02:52 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-16 02:52 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-16 02:52 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-16 02:52 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-16 02:52 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-16 02:52 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-16 02:52 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-16 02:52 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-16 02:52 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-16 02:52 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-16 02:52 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-16 02:52 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-16 02:52 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-16 02:52 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-16 02:52 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-16 02:52 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-16 02:52 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-16 02:52 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-16 02:52 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-16 02:52 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-16 02:52 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-16 02:50 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-16 02:50 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-16 02:50 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-16 02:50 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-16 02:50 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-16 02:50 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-16 02:50 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-16 02:50 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-11 17:55 - 2016-10-20 15:35 - 00000000 ____D C:\Users\Francis\AppData\Local\IomUmcu
2016-10-11 15:54 - 2016-10-11 15:54 - 00116973 _____ C:\Users\Francis\Desktop\THE SPACE BETWEEN US @ Metreon.pdf
2016-10-09 14:28 - 2016-10-12 20:27 - 00000080 _____ C:\Users\Francis\Documents\Notes.txt
2016-09-26 10:47 - 2016-08-05 08:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-26 10:47 - 2016-08-05 08:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-23 17:17 - 2016-10-09 22:33 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 15:36 - 2016-07-09 17:55 - 00000000 ____D C:\_Backup
2016-10-20 15:30 - 2016-07-12 10:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-20 15:29 - 2009-07-13 22:13 - 00783214 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-20 15:29 - 2009-07-13 21:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-20 15:29 - 2009-07-13 21:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-20 15:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-10-20 15:22 - 2016-07-09 19:53 - 00000000 ____D C:\Users\Francis\AppData\Roaming\Skype
2016-10-20 15:21 - 2016-07-09 20:05 - 00000959 _____ C:\Users\Francis\Desktop\magicJack.lnk
2016-10-20 15:21 - 2016-07-09 20:05 - 00000945 _____ C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2016-10-20 15:21 - 2016-07-09 20:04 - 00000000 ____D C:\Users\Francis\AppData\Roaming\mjusbsp
2016-10-20 15:21 - 2016-07-08 18:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-20 15:21 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-20 15:17 - 2016-07-10 01:57 - 00000000 ____D C:\ProgramData\Foxit Software
2016-10-20 15:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PLA
2016-10-20 11:58 - 2016-07-09 10:55 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-18 22:07 - 2016-09-16 06:19 - 00000000 ____D C:\Users\Francis\Desktop\Bangkok 9-3 to 9-13
2016-10-18 12:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-16 03:04 - 2016-07-08 17:15 - 00000000 ____D C:\Users\Francis
2016-10-16 03:03 - 2009-07-13 21:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-16 03:02 - 2016-07-08 18:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-16 03:02 - 2016-07-08 18:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-16 03:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-16 02:59 - 2016-07-09 11:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-16 02:59 - 2016-07-09 11:00 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-16 02:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-16 02:58 - 2016-07-09 10:55 - 00000000 ____D C:\Windows\system32\MRT
2016-10-16 02:55 - 2016-07-08 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-16 00:17 - 2016-08-07 19:25 - 00000000 ____D C:\Users\Francis\AppData\Roaming\vlc
2016-10-14 15:13 - 2016-07-10 17:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-14 15:13 - 2016-07-09 20:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-14 15:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-10-14 15:13 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-10-14 15:12 - 2016-07-09 19:52 - 00000000 ____D C:\ProgramData\Skype
2016-10-11 19:05 - 2016-08-07 16:59 - 00000000 ____D C:\Users\Francis\AppData\Local\CrashDumps
2016-09-29 22:01 - 2015-06-06 21:10 - 00000000 ____D C:\Users\Francis\Documents\Recipes

==================== Files in the root of some directories =======

2016-07-08 17:30 - 2016-07-08 17:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-19 01:06

==================== End of FRST.txt ============================

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 21st October, 2016
Running from:C:\Users\Francis\Desktop (16:17:30 - 10/20/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: Firefox
***-----------------Anti-Virus - Firewall-------------------***
Avanquest Fix-It (Enabled - Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe Flash Player Plugin is not installed
Firefox (version 49)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5.1)

Firefox (version 48.0) is *out of Date*

***----------------Analysis Complete-------------------------***



#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 21 October 2016 - 08:49 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Francis\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [BingSvc] => C:\Users\Francis\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [{EBF71F1A-4B01-4C28-850D-12E6552732D4}] => regsvr32.exe "C:\Users\Francis\AppData\Local\IomUmcu\Logpab.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Francis\AppData\Local\IomUmcu

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

Please post the Fixlog.txt and let me know if the problem persists.

Include the Addition.txt file created by the Farbar tool for my review.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 21 October 2016 - 12:02 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Francis (21-10-2016 09:36:46) Run:1
Running from C:\Users\Francis\Desktop\Scan Logs & Apps\Apps
Loaded Profiles: Francis (Available Profiles: Francis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Francis\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [BingSvc] => C:\Users\Francis\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\Run: [{EBF71F1A-4B01-4C28-850D-12E6552732D4}] => regsvr32.exe "C:\Users\Francis\AppData\Local\IomUmcu\Logpab.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Francis\AppData\Local\IomUmcu

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Francis\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{EBF71F1A-4B01-4C28-850D-12E6552732D4} => value not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Francis\AppData\Local\IomUmcu => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 133483216 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 46053614 B
Edge => 0 B
Chrome => 0 B
Firefox => 75460974 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 0 B
Francis => 170574854 B

RecycleBin => 62031665 B
EmptyTemp: => 473.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:37:15 ====

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Francis (20-10-2016 15:43:59)
Running from C:\Users\Francis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-07-09 00:15:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1069660755-2385065663-4170225205-500 - Administrator - Disabled)
Francis (S-1-5-21-1069660755-2385065663-4170225205-1000 - Administrator - Enabled) => C:\Users\Francis
Guest (S-1-5-21-1069660755-2385065663-4170225205-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avanquest Fix-It (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avanquest Fix-It (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Fix-It (HKLM-x32\...\{12FA6720-D4CF-4FFE-968D-133653AC1B1B}) (Version: 15.0.32.28 - Avanquest)
Fix-It (x32 Version: 15.0.32.28 - Avanquest) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
Intel® Chipset Device Software (x32 Version: 10.0.17 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
magicJack (HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Mozilla Firefox 48.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0 (x86 en-US)) (Version: 48.0 - Mozilla)
Mozilla Firefox 49.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 49.0.1 (x64 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.69 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {54581315-DF11-4E65-A88A-7A3B5E3CA454} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-08 18:06 - 2016-06-29 11:37 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-08 17:22 - 2014-01-27 20:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-07-08 18:07 - 2016-06-29 15:44 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-07-09 19:05 - 2013-08-27 16:06 - 00450048 ____N () C:\Program Files (x86)\Avanquest\Fix-It\sqlite3.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00098304 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axutil.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00303616 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_engine.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00114688 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axiom.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00016384 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_parser.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00033792 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\guththila.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00080384 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\neethi.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00046592 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_http_sender.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00012288 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\lib\axis2_http_receiver.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00021504 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\modules\addressing\axis2_mod_addr.dll
2016-07-09 19:05 - 2012-10-30 17:18 - 00007680 ____N () C:\Program Files (x86)\Avanquest\Fix-It\axis2\modules\logging\axis2_mod_log.dll
2016-07-08 17:22 - 2016-10-20 15:21 - 00032552 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2016-07-08 17:22 - 2014-01-27 20:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2016-07-09 19:05 - 2013-12-13 11:28 - 00014336 ____N () C:\Program Files (x86)\Avanquest\Fix-It\RDClient.dll
2016-07-09 19:05 - 2013-12-13 11:28 - 00037888 ____N () C:\Program Files (x86)\Avanquest\Fix-It\CommonUtils.dll
2016-07-09 19:05 - 2013-12-13 11:28 - 00825856 ____N () C:\Program Files (x86)\Avanquest\Fix-It\SslUtils.dll
2016-07-09 19:05 - 2010-04-16 14:52 - 00038400 ____N () C:\Program Files (x86)\Avanquest\Fix-It\DiskDefragCpp.dll
2016-07-09 19:05 - 2010-04-16 14:52 - 00344576 ____N () C:\Program Files (x86)\Avanquest\Fix-It\madExcept_.bpl
2016-07-09 19:05 - 2010-04-16 14:52 - 00178688 ____N () C:\Program Files (x86)\Avanquest\Fix-It\madBasic_.bpl
2016-07-09 19:05 - 2010-04-16 14:52 - 00045056 ____N () C:\Program Files (x86)\Avanquest\Fix-It\madDisAsm_.bpl
2016-07-09 19:11 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\Definitions\libBase64.dll
2016-07-09 19:11 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\Avanquest\Fix-It\Antivirus\Definitions\libMachoUniv.dll
2016-07-08 18:07 - 2016-06-29 15:44 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\trillian.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00003584 _____ () c:\program files (x86)\trillian\languages\en\toolkit.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\events.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00010752 _____ () c:\program files (x86)\trillian\languages\en\buddy.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00007168 _____ () c:\program files (x86)\trillian\languages\en\talk.dll
2014-04-29 16:23 - 2014-04-29 16:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1069660755-2385065663-4170225205-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Francis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E465A57C-7C41-4605-B161-40678037047D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{02F13F39-1889-4BB3-954E-D7897F81A30F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1EEDC35D-15E7-4A86-8C09-F5B3C391D85F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C4499EA1-0B6F-4F10-81E9-DB6862595A87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{456F9948-1806-40C0-A913-B37B4D807588}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9092C6C3-5110-4543-AFFF-62B837E6DC11}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EE76BE2C-6D9A-43E5-9C1E-8CE804D628FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{74015BBD-CBF1-42B6-B4F1-C47E3827A444}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F17EF606-A4F5-480B-9C05-4D6594FBCB1C}C:\users\francis\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\francis\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{70154AB1-583A-430B-A6F4-A0713FCB9B38}C:\users\francis\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\francis\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{DC48606B-A056-4518-9E29-CDE83D9E74BE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74D2F641-CA2A-404A-8690-F59E4979C3CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

14-10-2016 13:31:34 Windows Update
14-10-2016 15:10:04 Restore Operation
16-10-2016 02:53:19 Windows Update
20-10-2016 14:41:13 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2016 03:22:45 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/20/2016 03:19:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/19/2016 12:15:54 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/16/2016 03:04:47 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 03:19:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/14/2016 01:44:09 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/11/2016 05:55:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 45.4.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x05c4114d
Faulting process id: 0x1674
Faulting application start time: 0x01d213c83a8898e0
Faulting application path: C:\Users\Francis\Desktop\Tor Browser\Browser\firefox.exe
Faulting module path: unknown
Report Id: 993d9201-9016-11e6-858c-086266c6e86d

Error: (09/14/2016 10:51:12 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/28/2016 01:59:22 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/07/2016 10:47:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 45.3.0.0, time stamp: 0x00000000
Faulting module name: d2d1.dll, version: 6.2.9200.16765, time stamp: 0x528bf6b2
Exception code: 0xc0000005
Fault offset: 0x002cf8cb
Faulting process id: 0x850
Faulting application start time: 0x01d1f13848b6335a
Faulting application path: C:\Users\Francis\Desktop\Tor Browser\Browser\firefox.exe
Faulting module path: C:\Windows\system32\d2d1.dll
Report Id: 8973deb3-5d2b-11e6-89f7-086266c6e86d


System errors:
=============
Error: (10/20/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/20/2016 03:19:44 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (10/20/2016 03:16:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/20/2016 03:16:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (10/19/2016 12:10:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/18/2016 10:37:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (10/16/2016 03:00:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2016 03:10:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2016 01:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Fix-It Utilities Process Monitor service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/14/2016 01:37:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16322.95 MB
Available physical RAM: 13142.22 MB
Total Virtual: 32644.07 MB
Available Virtual: 29374.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:815.41 GB) NTFS
Drive g: (Lexar) (Removable) (Total:14.61 GB) (Free:14.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

Fix-It Utilities Active Defense has not been triggered since my posting



#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,159 posts

Posted 22 October 2016 - 08:24 AM

Your Addition.txt file is clean.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingc...best-practices/
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#5 oneeyedfranc

oneeyedfranc

    Member

  • Full Member
  • Pip
  • 98 posts

Posted 22 October 2016 - 11:40 AM

ty






1 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


    Magpie (1)
Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!