How to reset wd elements play remote

HTML / FakeAlert.EX pops up?

HTML / FakeAlert.EX pops up?



Examination result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017 performed by Zero (Administrator) on ZERO-PC (13-05-2017 09:05:10) Started by C: \ Users \ Zero \ Downloads Loaded Profiles: Zero (Available Profiles: Zero) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: German (Germany) Internet Explorer Version 11 (Standard Browser: FF) Start Mode: Normal Instructions for Farbar Recovery Scan Tool : hxxp: //www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ =============== ===== Processes (not on the exception list) ================== (If an entry is added to the fixlist, the process will be closed. The file will not be moved. ) (ESET) C: \ Program Files \ ESET \ ESET Smart Security Premium \ ekrn.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ Display.NvContainer \ NVDisplay.Container.exe (ESET) C: \ Program Files \ ESET \ ESET Smart Security Premium \ egui.exe (Apple Inc.) C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ AppleMobileDeviceService.exe (Apple Inc.) C: \ Program Files \ Bonjour \ mDNSResponder.exe () C: \ Windows \ SysWOW64 \ XSrvSetup.exe (Logitech Inc.) C: \ Program Files \ Logitech Gaming Software \ Drivers \ APOService \ LogiRegistryService.exe (Apache Software Foundation) C: \ Program Files (x86) \ Marvell \ raid \ Apache2 \ bin \ httpd.exe (NVIDIA Corporation) C: \ Program Files (x86) \ NVIDIA Corporation \ NvTelemetry \ NvTelemetryContainer.exe (Apache Software Foundation) C: \ Program Files (x86) \ Marvell \ raid \ Apache2 \ bin \ httpd.exe () C: \ Program Files (x86) \ Marvell \ raid \ svc \ mvraidsvc .exe (Disc Soft Ltd) K: \ Current Programs \ DAEMON Tools Lite \ DTAgent.exe (Apple Inc.) C: \ Program Files \ iPod \ bin \ iPodService.exe (Disc Soft Ltd) K: \ Current Programs \ DAEMON Tools Lite \ DiscSoftBusServiceLite.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ NvContainer \ nvcontainer.exe (NVIDIA Corporation) C: \ Program Files (x86) \ NVIDIA Corporation \ NvContainer \ nvcontainer.exe (Microsoft Corporation) C : \ Wi ndows \ System32 \ dllhost.exe (Microvirt Software Technology Co. Ltd.) D: \ Games \ Memu \ MEmu \ MEmuConsole.exe (Microvirt Corporation) D: \ Games \ Memu \ MEmuHyperv \ MEmuSVC.exe (Microvirt Software Technology Co. Ltd.) D: \ Games \ Memu \ MEmu \ MEmu.exe () D: \ Games \ Memu \ MEmuHyperv \ MEmuHeadless.exe () D: \ Games \ Memu \ MEmu \ adb.exe (NVIDIA Corporation) C: \ Program Files \ NVIDIA Corporation \ Display \ nvxdsync.exe (Corsair Components, Inc.) C: \ Program Files (x86) \ Corsair \ Corsair Utility Engine \ CUE.exe (Hammer & Chisel, Inc.) C: \ Users \ Zero \ AppData \ Local \ Discord \ app-0.0.297 \ Discord.exe (Hammer & Chisel, Inc.) C: \ Users \ Zero \ AppData \ Local \ Discord \ app-0.0.297 \ Discord.exe (Hammer & Chisel , Inc.) C: \ Users \ Zero \ AppData \ Local \ Discord \ app-0.0.297 \ Discord.exe (TeamSpeak Systems GmbH) K: \ Current Programs \ Teamspeak 3 \ ts3client_win64.exe (Mozilla Corporation) C: \ Program Files \ Mozilla Firefox \ firefox.exe (Mozilla Corporation) C: \ Program Files \ Mozilla Firefox \ firefox.exe (Mozilla Corporation) C: \ Program Files \ Mozilla Firefox \ firef ox.exe (Mozilla Corporation) C: \ Program Files \ Mozilla Firefox \ plugin-container.exe (Node.js) C: \ Program Files (x86) \ NVIDIA Corporation \ NvNode \ NVIDIA Web Helper.exe ===== =============== Registry (Not on the exception list) ===================== (If an entry was added to the fixlist the registry entry is reset to the default value or removed. The file is not moved.) HKLM \ ... \ Run: [ShadowPlay] => "C: \ Windows \ system32 \ rundll32.exe" C: \ Windows \ system32 \ nvspcap64.dll, ShadowPlayOnSystemStart HKLM \ ... \ Run: [RTHDVCPL] => C: \ Program Files \ Realtek \ Audio \ HDA \ RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor) HKLM \ ... \ Run: [Launch LCore] => C: \ Program Files \ Logitech Gaming Software \ LCore.exe [16293496 2016-09-29] (Logitech Inc.) HKLM \ ... \ Run: [iTunesHelper] => K: \ Current Programs \ Itunes \ iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM \ ... \ Run: [Malwarebytes TrayApp] => K: \ CURRENT PROGRAMS \ ANTI-MALWARE \ mbamtray.exe [2780112 2017-01-20] (Malwarebytes) HKLM -x32 \ ... \ Run: [NUSB3MON] => C: \ Program Files (x86) \ Renesas Electronics \ USB 3.0 Host Controller Driver \ Application \ nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32 \ ... \ Run: [JMB36X IDE Setup] => C: \ Windows \ RaidTool \ xInsIDE.exe [43608 2010-09-07] () HKLM-x32 \ ... \ Run: [MRUTray] => C: \ Program Files (x86) \ Marvell \ raid \ tray \ MarvellTray. exe [731176 2010-03-08] () HKLM-x32 \ ... \ Run: [Corsair Utility Engine] => C: \ Program Files (x86) \ Corsair \ Corsair Utility Engine \ CUE.exe [13043408 2016- 12-13] (Corsair Components, Inc.) HKU \ S-1-5-21-863664969-3634829622-650527450-1000 \ ... \ Run: [DAEMON Tools Lite Automount] => K: \ Current Programs \ DAEMON Tools Lite \ DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd) HKU \ S-1-5-21-863664969-3634829622-650527450-1000 \ ... \ Run: [Discord] => C: \ Users \ Zero \ AppData \ Local \ Discord \ app-0.0.297 \ Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU \ S-1-5-18 \ ... \ RunOnce: [SPReview] => C: \ Windows \ System32 \ SPReview \ SPReview.exe [301568 2016-12-15] (Microsoft Corporation) ==================== = Internet (Not on the exception list) ==================== (If an entry is added to the fixlist, the entry will be removed or reset to the default value if it is a registry entry.) Tcpip \ Parameters: [DhcpNameServer] 192.168.178.1 Tcpip \ .. \ Interfaces \ {8979130C-AE3C -413E-8644-0F1425E5A880}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A } hxxp: //quickscan.bitdefender.com/qsax/qsax.cab FireFox: ======== FF DefaultProfile: h6ldsxew.default-1494413619982 FF ProfilePath: C: \ Users \ Zero \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ h6ldsxew.default-1494413619982 [2017-05-13] FF Homepage: Mozilla \ Firefox \ Profiles \ h6ldsxew.default-1494413619982 -> google.de/ FF Session Restore: Mozilla \ Firefox \ Profiles \ h6ldsxew.default- 1494413619982 -> is activated. FF Extension: (YouTube Unblocker Plus) - C: \ Users \ Zero \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ h6ldsxew.default-1494413619982 \ Extensions \ [email protected] [2017-05-10] FF Extension : (Adblock Plus) - C: \ Users \ Zero \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ h6ldsxew.default-1494413619982 \ Extensions \ {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} .xpi [2017-05-10 ] FF Plugin: @ adobe.com / FlashPlayer -> C: \ Windows \ system32 \ Macromed \ Flash \ NPSWF64_25_0_0_171.dll [2017-05-10] () FF Plugin-x32: @ adobe.com / FlashPlayer -> C: \ Windows \ SysWOW64 \ Macromed \ Flash \ NPSWF32_25_0_0_171.dll [2017-05-10] () FF Plugin-x32: @ microsoft.com / OfficeLive, version = 1.5 -> C: \ Program Files (x86) \ Microsoft \ Office Live \ npOLW.dll [2010-04-26] (Microsoft Corp.) FF Plugin-x32: Adobe Reader -> C: \ Program Files (x86) \ Adobe \ Acrobat Reader DC \ Reader \ AIR \ nppdf32.dll [2017 -04-05] (Adobe Systems Inc.) FF ExtraCheck: C: \ Program Files \ mozilla firefox \ defaults \ pref \ itms.js [2016-11-17] ============== ======= Services (Not on the exception list) ===================== (If an entry is added to the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.) R2 Apple Mobile Device Service; C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S3 BEService; C: \ Program Files (x86) \ Common Files \ BattlEye \ BEService.exe [1404936 2017-04-27] () R3 Disc Soft Lite Bus Service; K: \ Current Programs \ DAEMON Tools Lite \ DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd) R2 ekrn; C: \ Program Files \ ESET \ ESET Smart Security Premium \ ekrn.exe [2836296 2017-02-14] (ESET) R2 JMB36X; C: \ Windows \ SysWOW64 \ XSrvSetup.exe [72280 2010-09-07] () R2 LogiRegistryService; C: \ Program Files \ Logitech Gaming Software \ Drivers \ APOService \ LogiRegistryService.exe [193656 2016-09-29] (Logitech Inc.) R2 Marvell RAID; C: \ Program Files (x86) \ Marvell \ raid \ svc \ mvraidsvc.exe [235560 2010-03-08] () S2 MBAMService; K: \ Current Programs \ Anti-Malware \ mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 MRUWebService; C: \ Program Files (x86) \ Marvell \ raid \ Apache2 \ bin \ httpd.exe [24635 2008-06-12] (Apache Software Foundation) [file is not signed] R2 NvContainerLocalSystem; C: \ Program Files \ NVIDIA Corporation \ NvContainer \ nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) S3 NvContainerNetworkService; C: \ Program Files \ NVIDIA Corporation \ NvContainer \ nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C: \ Program Files \ NVIDIA Corporation \ Display.NvContainer \ NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation) R2 NvTelemetryContainer; C: \ Program Files (x86) \ NVIDIA Corporation \ NvTelemetry \ NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation) R2 WinDefend; C: \ Program Files \ Windows Defender \ mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 MEmusvc; D: \ Games \ Memu \ MEmu \ MemuService.exe [X] ====================== Driver (not on the exception list) ======= =============== (If an entry is added to the fixlist, it is removed from the registry. The file is not moved unless it is listed separately.) R3 CorsairVBusDriver; C: \ Windows \ System32 \ DRIVERS \ CorsairVBusDriver.sys [54256 2016-12-11] (Corsair) R3 CorsairVHidDriver; C: \ Windows \ System32 \ DRIVERS \ CorsairVHidDriver.sys [29168 2016-12-11] (Corsair) R3 dtlitescsibus; C: \ Windows \ System32 \ DRIVERS \ dtlitescsibus.sys [30264 2016-12-30] (Disc Soft Ltd) R3 dtliteusbbus; C: \ Windows \ System32 \ DRIVERS \ dtliteusbbus.sys [47672 2016-12-30] (Disc Soft Ltd) S3 DUKEMS; C: \ Windows \ System32 \ drivers \ DUKEMS.sys [25600 2012-08-16] () [file is not signed] R1 eamonm; C: \ Windows \ System32 \ DRIVERS \ eamonm.sys [132272 2017-02-14] (ESET) R0 edevmon; C: \ Windows \ System32 \ DRIVERS \ edevmon.sys [106768 2017-02-14] (ESET) R1 ehdrv; C: \ Windows \ System32 \ DRIVERS \ ehdrv.sys [180544 2017-02-14] (ESET) R2 ekbdflt; C: \ Windows \ System32 \ DRIVERS \ ekbdflt.sys [49672 2017-02-14] (ESET) R1 epfw; C: \ Windows \ System32 \ DRIVERS \ epfw.sys [77616 2017-02-14] (ESET) R1 EpfwLWF; C: \ Windows \ System32 \ DRIVERS \ EpfwLWF.sys [60536 2017-02-14] (ESET) R1 epfwwfp; C: \ Windows \ System32 \ DRIVERS \ epfwwfp.sys [96856 2017-02-14] (ESET) R2 LGCoreTemp; C: \ Program Files \ Logitech Gaming Software \ Drivers \ LgCoreTemp \ lgcoretemp.sys [14184 2015-06-21] (Logitech) R3 LGJoyXlCore; C: \ Windows \ System32 \ drivers \ LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc.) R3 LGPBTDD; C: \ Windows \ System32 \ Drivers \ LGPBTDD.sys [30728 2016-09-29] (Logitech Inc.) R2 memudrv; D: \ Games \ Memu \ MEmuHyperv \ MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation) S3 NvStreamKms; C: \ Program Files \ NVIDIA Corporation \ NvStreamSrv \ NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C: \ Windows \ System32 \ drivers \ nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation) R3 nvvhci; C: \ Windows \ System32 \ DRIVERS \ nvvhci.sys [57792 2017-02-23] (NVIDIA Corporation) S3 Synth3dVsc; System32 \ drivers \ synth3dvsc.sys [X] S3 tsusbhub; system32 \ drivers \ tsusbhub.sys [X] S3 VGPU; System32 \ drivers \ rdvgkmd.sys [X] S3 xhunter1; \ ?? \ C: \ Windows \ xhunter1.sys [X] ==================== NetSvcs (not on the exception list) ======== =========== (If an entry is added to the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.) ========= =========== One month: files and folders created ======== (If an entry is added to the fixlist, the file / folder will be moved.) 2017-05-11 16:45 - 2017-05-11 16:45 - 00004474 _____ C: \ Users \ Zero \ Desktop \ JRT.txt 2017-05-11 16:42 - 2017-05-11 16:42 - 01663672 _____ (Malwarebytes) C: \ Users \ Zero \ Desktop \ JRT.exe 2017-05-11 16:21 - 2017-05-11 16:40 - 00000000 ____D C: \ AdwCleaner 2017-05-11 16:15 - 2017-05-11 16:15 - 04102600 _____ C: \ Users \ Zero \ Downloads \ AdwCleaner_6.046.exe 2017-05-11 13:54 - 2017-05-11 15:30 - 00000000 ____D C: \ ProgramData \ Malwarebytes' Anti-Malware (portable) 2017-05-11 13:53 - 2017-05-11 15:30 - 00000000 ____D C: \ Users \ Zero \ Desktop \ mbar 2017-05-11 13:53 - 2017-05-1 1 13:53 - 16563352 _____ (Malwarebytes Corp.) C: \ Users \ Zero \ Downloads \ mbar-1.09.3.1001.exe 2017-05-10 23:00 - 2017-05-10 23:00 - 00002322 _____ C: \ Users \ Zero \ Desktop \ malware.txt 2017-05-10 13:47 - 2017-05-10 13:48 - 00049810 _____ C: \ Users \ Zero \ Downloads \ Addition.txt 2017-05-10 13:46 - 2017-05-13 09:05 - 00011456 _____ C: \ Users \ Zero \ Downloads \ FRST.txt 2017-05-10 13:46 - 2017-05-13 09:05 - 00000000 ____D C: \ FRST 2017- 05-10 13:43 - 2017-05-10 13:43 - 02429440 _____ (Farbar) C: \ Users \ Zero \ Downloads \ FRST64.exe 2017-05-10 13:32 - 2017-05-10 13:32 - 00000000 ____D C: \ Users \ Zero \ Desktop \ loggs 2017-05-10 12:53 - 2017-05-10 12:53 - 00611661 _____ C: \ Users \ Zero \ Desktop \ bookmarks.html 2017-05-10 12:53 - 2017-05-10 12:53 - 00000000 ____D C: \ Users \ Zero \ Desktop \ Old Firefox data 2017-05-10 05:46 - 2017-05-10 05:46 - 00000956 _____ C: \ ProgramData \ Microsoft \ Windows \ Start Menu \ Programs \ Mozilla Firefox.lnk 2017-05-10 05:46 - 2017-05-10 05:46 - 00000944 _____ C: \ Users \ Public \ Desktop \ Mozilla Firefox.lnk 2017-05-10 05:46 - 2017-05-10 05:46 - 00000000 ____D C: \ Program Files (x86) \ Mozilla Maintenance Service 2017-05-10 05:26 - 2017-05-11 16:41 - 00251832 _____ (Malwarebytes) C: \ Windows \ system32 \ Drivers \ MBAMSwissArmy.sys 2017-05-10 05:26 - 2017-05-11 16:41 - 00111544 _____ (Malwarebytes) C: \ Windows \ system32 \ Drivers \ farflt .sys 2017-05-10 05:26 - 2017-05-11 16:41 - 00082720 _____ (Malwarebytes) C: \ Windows \ system32 \ Drivers \ mwac.sys 2017-05-10 05:26 - 2017-05- 11 16:41 - 00043968 _____ (Malwarebytes) C: \ Windows \ system32 \ Drivers \ mbam.sys 2017-05-10 05:26 - 2017-05-11 16:32 - 00186304 _____ (Malwarebytes) C: \ Windows \ system32 \ Drivers \ MBAMChameleon.sys 2017-05-10 05:26 - 2017-05-10 05:26 - 00000805 _____ C: \ Users \ Public \ Desktop \ Malwarebytes.lnk 2017-05-10 05:26 - 2017- 05-10 05:26 - 00000000 ____D C: \ ProgramData \ Microsoft \ Windows \ Start Menu \ Programs \ Malwarebytes 2017-05-10 05:26 - 2017-03-22 11:02 - 00077440 _____ C: \ Windows \ system32 \ Drivers \ mbae64.sys 2017-05-10 05:25 - 2017-05-11 13:54 - 00000000 ____D C: \ ProgramData \ Malwarebytes 2017-05-10 04:34 - 2017-05-10 04:34 - 00000000 _____ C: \ autoexec.bat 2017-05-10 04:27 - 2017-05-10 04:31 - 00000000 ____D C: \ Users \ Public \ Documents \ Stronghold AntiMalware 2017-05-10 02:54 - 2017-04-28 03:14 - 05547240 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ntoskrnl.exe 2017- 05-10 02:54 - 2017-04-28 03:14 - 00706792 _____ (Microsoft Corporation) C: \ Windows \ system32 \ winload.efi 2017-05-10 02:54 - 2017-04-28 03:14 - 00631176 _____ (Microsoft Corporation) C: \ Windows \ system32 \ winresume.efi 2017-05-10 02:54 - 2017-04-28 03:14 - 00154856 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ ksecpkg .sys 2017-05-10 02:54 - 2017-04-28 03:14 - 00095464 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ ksecdd.sys 2017-05-10 02:54 - 2017-04 -28 03:11 - 01732864 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ntdll.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 01460736 _____ (Microsoft Corporation) C: \ Windows \ system32 \ lsasrv.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 01212928 _____ (Microsoft Corporation) C: \ Windows \ system32 \ rpcrt4.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 01163264 _____ (Microsoft Corporation) C: \ Windows \ system32 \ kernel32.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00730624 _____ (Microsoft Corporation) C: \ Windows \ system32 \ kerberos.dll 2017-05-10 02 : 54 - 2017-04-28 03:10 - 00503808 _____ (Microsoft Corporation) C: \ Windows \ system32 \ srcore.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00419840 _____ (Microsoft Corporation) C: \ Windows \ system32 \ KernelBase.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00362496 _____ (Microsoft Corporation) C: \ Windows \ system32 \ wow64win.dll 2017-05- 10 02:54 - 2017-04-28 03:10 - 00345600 _____ (Microsoft Corporation) C: \ Windows \ system32 \ schannel.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00316928 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msv1_0.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00312320 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ncrypt.dll 2017- 05-10 02:54 - 2017-04-28 03 : 10 - 00243712 _____ (Microsoft Corporation) C: \ Windows \ system32 \ wow64.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00215552 _____ (Microsoft Corporation) C: \ Windows \ system32 \ winsrv.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00210432 _____ (Microsoft Corporation) C: \ Windows \ system32 \ wdigest.dll 2017-05-10 02:54 - 2017-04- 28 03:10 - 00190464 _____ (Microsoft Corporation) C: \ Windows \ system32 \ rpchttp.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00146432 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msaudite.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00135680 _____ (Microsoft Corporation) C: \ Windows \ system32 \ sspicli.dll 2017-05-10 02:54 - 2017- 04-28 03:10 - 00086528 _____ (Microsoft Corporation) C: \ Windows \ system32 \ TSpkg.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00063488 _____ (Microsoft Corporation) C: \ Windows \ system32 \ setbcdlocale.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00060416 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msobjs.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00050176 ____ _ (Microsoft Corporation) C: \ Windows \ system32 \ srclient.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00028672 _____ (Microsoft Corporation) C: \ Windows \ system32 \ sspisrv.dll 2017 -05-10 02:54 - 2017-04-28 03:10 - 00028160 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secur32.dll 2017-05-10 02:54 -2017-04-28 03:10 - 00016384 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ntvdm64.dll 2017-05-10 02:54 - 2017-04-28 03:10 - 00013312 _____ (Microsoft Corporation) C : \ Windows \ system32 \ wow64cpu.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00880640 _____ (Microsoft Corporation) C: \ Windows \ system32 \ advapi32.dll 2017-05-10 02: 54 - 2017-04-28 03:09 - 00690688 _____ (Microsoft Corporation) C: \ Windows \ system32 \ adtschema.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00463872 _____ (Microsoft Corporation ) C: \ Windows \ system32 \ certcli.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00123904 _____ (Microsoft Corporation) C: \ Windows \ system32 \ bcrypt.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00059904 _____ (Microsoft Corporation) C: \ Windows \ system32 \ appidapi.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00044032 _____ ( Microsoft Corporation) C: \ Windows \ system32 \ csrsrv.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00043520 _____ (Microsoft Corporation) C: \ Windows \ system32 \ cryptbase.dll 2017-05 -10 02:54 - 2017-04-28 03: 09 - 00034816 _____ (Microsoft Corporation) C: \ Windows \ system32 \ appidsvc.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00022016 _____ (Microsoft Corporation) C: \ Windows \ system32 \ credssp .dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00006656 _____ (Microsoft Corporation) C: \ Windows \ system32 \ apisetschema.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00006144 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-security-base-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03: 09 - 00005120 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-file-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00004608 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-threadpool-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00004608 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-processthreads-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-sysinfo-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03 : 09 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-synch-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-localregistry-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-localization-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003584 ____H ( Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-rtlsupport-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation ) C: \ Windows \ system32 \ api-ms-win-core-processenvironment-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C : \ Windows \ system32 \ api-ms-win-core-namedpipe-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-misc-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C: \ Window s \ system32 \ api-ms-win-device-memory-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-libraryloader-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003584 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-heap-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api- ms-win-core-xstate-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms- win-core-util-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win- core-string-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core- profile-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-io- l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-interlocked-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-handle-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-fibers-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-errorhandling-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-delayload-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-debug-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api-ms-win-core-datetime-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 03:09 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ system32 \ api -ms-w in-core-console-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:36 - 04000488 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ntkrnlpa.exe 2017-05 -10 02:54 - 2017-04-28 02:36 - 03945192 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ntoskrnl.exe 2017-05-10 02:54 - 2017-04-28 02:34 - 01314112 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ntdll.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 01114112 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ kernel32.dll 2017 -05-10 02:54 - 2017-04-28 02:32 - 00690688 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ adtschema.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00666112 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ rpcrt4.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00644096 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ advapi32. dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00553472 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ kerberos.dll 2017-05-10 02:54 - 2017-04-28 02 : 32 - 00342528 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ certcli.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00275456 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ KernelBase.dll 2017-05-10 02:54 - 2017-04- 28 02:32 - 00261120 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msv1_0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00254464 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ schannel.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00223232 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ncrypt.dll 2017-05-10 02:54 - 2017- 04-28 02:32 - 00172032 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ wdigest.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00146432 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msaudite.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00141312 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ rpchttp.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00096768 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ sspicli.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00082944 _____ (Microsoft Corporation) C : \ Windows \ SysWOW64 \ bcrypt.dll 2017- 05-10 02:54 - 2017-04-28 02:32 - 00065536 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ TSpkg.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00060416 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msobjs.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00050688 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ appidapi.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00043008 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ srclient.dll 2017-05-10 02:54 - 2017-04-28 02: 32 - 00022016 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ secur32.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00017408 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ credssp .dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00006656 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ apisetschema.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00005120 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-file-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02: 32 - 00005120 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ wow32.dll 20 17-05-10 02:54 - 2017-04-28 02:32 - 00004608 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-processthreads-l1-1-0.dll 2017- 05-10 02:54 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-sysinfo-l1-1-0.dll 2017-05- 10 02:54 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-synch-l1-1-0.dll 2017-05-10 02 : 54 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-misc-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-localregistry-l1-1-0.dll 2017-05-10 02:54 - 2017 -04-28 02:32 - 00004096 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-localization-l1-1-0.dll 2017-05-10 02:54 - 2017-04 -28 02:32 - 00003584 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-processenvironment-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003584 ____H ( Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-namedpipe-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation ) C: \ Windows \ SysWOW64 \ api-ms-win-device-config-L1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C : \ Windows \ SysWOW64 \ api-ms-win-core-libraryloader-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-interlocked-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003584 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-heap-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-string-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api- ms-win-core-rtlsupport-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms- win-core-profiles -l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-io-l1 -1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-handle-l1-1 -0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-fibers-l1-1-0 .dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-errorhandling-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-delayload-l1-1-0.dll 2017- 05-10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-debug-l1-1-0.dll 2017-05- 10 02:54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-datetime-l1-1-0.dll 2017-05-10 02 : 54 - 2017-04-28 02:32 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-rtlsupport-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:19 - 00148480 _____ (Microsoft Corporation) C: \ Windows \ system32 \ appidpolicyconverter.exe 2017-05-10 02:54 - 2017-04-28 02:19 - 00062464 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ appid.sys 2017-05- 10 02:54 - 2017-04-28 02:19 - 00017920 _____ (Microsoft Corporation) C: \ Windows \ system32 \ appidcertstorecheck.exe 2017-05-10 02:54 - 2017-04-28 02:18 - 00064000 _____ (Microsoft Corporation) C: \ Windows \ system32 \ auditpol.exe 2017-05-10 02:54 - 2017-04-28 02:15 - 00338432 _____ (Microsoft Corporation) C: \ Windows \ system32 \ conhost.exe 2017- 05-10 02:54 - 2017-04-28 02:14 - 00296960 _____ (Microsoft Corporation) C: \ Windows \ system32 \ rstrui.exe 2017-05-10 02:54 - 2017-04-28 02:12 - 00159744 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ mrxsmb.sys 2017-05-10 02:54 - 2017-04-28 02:11 - 00291328 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ mrxsmb10.sys 2017-05-10 02 : 54 - 2017-04-28 02:11 - 00129536 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ mrxsmb20.sys 2017-05-10 02:54 - 2017-04-28 02:11 - 00050176 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ auditpol.exe 2017-05-10 02:54 - 2017-04-28 02:10 - 00112640 _____ (Microsoft Corporation) C: \ Windows \ system32 \ smss.exe 2017- 05-10 02:54 - 2017-04-28 02:10 - 00030720 _____ (Microsoft Corporation) C: \ Windows \ system32 \ lsass.exe 2017-05-10 02:54 - 2017-04-28 02:08 - 00025600 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ setup16.exe 2017-05-10 02:54 - 2017-04-28 02:08 - 00014336 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ntvdm64.dll 2017-05-10 02:54 - 2017-04-28 02:08 - 00007680 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ instnm.exe 2017-05-10 02:54 - 2017-04-28 02: 08 - 00002048 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ user.exe 2017-05-10 02:54 - 2017-04-28 02:07 - 00036352 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ cryptbase .dll 2017-05-10 02:54 - 2017-04-28 02:07 - 00006144 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-security-base-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02: 07 - 00004608 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-threadpool-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:07 - 00003584 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-xstate-l1-1-0.dll 2017-05-10 02:54 - 2017-04-28 02:07 - 00003072 ____H (Microsoft Corporation) C: \ Windows \ SysWOW64 \ api-ms-win-core-util-l1-1-0.dll 2017-05-10 02:54 - 2017-04-26 16:59 - 03220992 _____ (Microsoft Corporation) C: \ Windows \ system32 \ win32k.sys 2017-05-10 02:54 - 2017-04-21 17:34 - 01133568 _____ (Microsoft Corporation) C: \ Windows \ system32 \ cdosys.dll 2017-05- 10 02:54 - 2017-04-21 17:15 - 00805376 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ cdosys.dll 2017-05-10 02:54 - 2017-04-20 02:00 - 00394448 _____ (Microsoft Corporation) C: \ Windows \ system32 \ iedkcs32.dll 2017-05-10 02:54 - 2017-04-20 01:16 - 00346320 _____ (Microsoft Cor poration) C: \ Windows \ SysWOW64 \ iedkcs32.dll 2017-05-10 02:54 - 2017-04-17 17:37 - 02065408 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ole32.dll 2017-05- 10 02:54 - 2017-04-17 17:37 - 00876544 _____ (Microsoft Corporation) C: \ Windows \ system32 \ oleaut32.dll 2017-05-10 02:54 - 2017-04-17 17:37 - 00512000 _____ (Microsoft Corporation) C: \ Windows \ system32 \ rpcss.dll 2017-05-10 02:54 - 2017-04-17 17:37 - 00026112 _____ (Microsoft Corporation) C: \ Windows \ system32 \ oleres.dll 2017- 05-10 02:54 - 2017-04-17 17:37 - 00008704 _____ (Microsoft Corporation) C: \ Windows \ system32 \ comcat.dll 2017-05-10 02:54 - 2017-04-17 17:12 - 01417728 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ole32.dll 2017-05-10 02:54 - 2017-04-17 17:12 - 00581632 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ oleaut32.dll 2017-05-10 02:54 - 2017-04-17 17:12 - 00026112 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ oleres.dll 2017-05-10 02:54 - 2017-04-17 16: 54 - 00007168 _____ (Microsoft Corporation) C: \ Windows \ SysW OW64 \ comcat.dll 2017-05-10 02:54 - 2017-04-16 11:17 - 02724864 _____ (Microsoft Corporation) C: \ Windows \ system32 \ mshtml.tlb 2017-05-10 02:54 - 2017- 04-16 11:16 - 00004096 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieetwcollectorres.dll 2017-05-10 02:54 - 2017-04-16 10:57 - 00066560 _____ (Microsoft Corporation) C: \ Windows \ system32 \ iesetup.dll 2017-05-10 02:54 - 2017-04-16 10:55 - 00417792 _____ (Microsoft Corporation) C: \ Windows \ system32 \ html.iec 2017-05-10 02:54 - 2017-04-16 10:55 - 00048640 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieetwproxystub.dll 2017-05-10 02:54 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C : \ Windows \ system32 \ vbscript.dll 2017-05-10 02:54 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C: \ Windows \ system32 \ MshtmlDac.dll 2017-05-10 02: 54 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C: \ Windows \ system32 \ iertutil.dll 2017-05-10 02:54 - 2017-04-16 10:44 - 00054784 _____ (Microsoft Corporation ) C: \ Windows \ system3 2 \ jsproxy.dll 2017-05-10 02:54 - 2017-04-16 10:43 - 00034304 _____ (Microsoft Corporation) C: \ Windows \ system32 \ iernonce.dll 2017-05-10 02:54 - 2017- 04-16 10:38 - 00615936 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieui.dll 2017-05-10 02:54 - 2017-04-16 10:37 - 00144384 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieUnatt.exe 2017-05-10 02:54 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieetwcollector.exe 2017-05-10 02:54 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C: \ Windows \ system32 \ jscript.dll 2017-05-10 02:54 - 2017-04-16 10:36 - 00814080 _____ (Microsoft Corporation) C : \ Windows \ system32 \ jscript9diag.dll 2017-05-10 02:54 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C: \ Windows \ system32 \ mshtml.dll 2017-05-10 02: 54 - 2017-04-16 10:25 - 00968704 _____ (Microsoft Corporation) C: \ Windows \ system32 \ MsSpellCheckingFacility.exe 2017-05-10 02:54 - 2017-04-16 10:21 - 00489984 _____ (Microsoft Corporation ) C: \ Windows \ s ystem32 \ dxtmsft.dll 2017-05-10 02:54 - 2017-04-16 10:19 - 02724864 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ mshtml.tlb 2017-05-10 02:54 - 2017- 04-16 10:18 - 05977600 _____ (Microsoft Corporation) C: \ Windows \ system32 \ jscript9.dll 2017-05-10 02:54 - 2017-04-16 10:11 - 00077824 _____ (Microsoft Corporation) C: \ Windows \ system32 \ JavaScriptCollectionAgent.dll 2017-05-10 02:54 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C: \ Windows \ system32 \ tdc.ocx 2017-05-10 02:54 - 2017-04-16 10:09 - 00107520 _____ (Microsoft Corporation) C: \ Windows \ system32 \ inseng.dll 2017-05-10 02:54 - 2017-04-16 10:04 - 00199680 _____ (Microsoft Corporation) C : \ Windows \ system32 \ msrating.dll 2017-05-10 02:54 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C: \ Windows \ system32 \ mshtmled.dll 2017-05-10 02: 54 - 2017-04-16 10:02 -00062464 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ iesetup.dll 2017-05-10 02:54 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ vbscript.dll 2017-05-10 02:54 - 2017-04-16 10:01 - 00341504 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ html.iec 2017-05-10 02:54 - 2017-04-16 10: 01 - 00047616 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieetwproxystub.dll 2017-05-10 02:54 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C: \ Windows \ system32 \ dxtrans .dll 2017-05-10 02:54 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ MshtmlDac.dll 2017-05-10 02:54 - 2017-04-16 09:57 - 00152064 _____ (Microsoft Corporation) C: \ Windows \ system32 \ occache.dll 2017-05-10 02:54 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ iertutil.dll 2017-05-10 02:54 - 2017-04-16 09:52 - 00047104 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ jsproxy.dll 2017-05-10 02:54 - 2017-04 -16 09:52 - 00030720 __ ___ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ iernonce.dll 2017-05-10 02:54 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ mshtml.dll 2017 -05-10 02:54 - 2017-04-16 09:48 - 00476160 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieui.dll 2017-05-10 02:54 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ jscript.dll 2017-05-10 02:54 - 2017-04-16 09:47 - 00115712 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieUnatt. exe 2017-05-10 02:54 - 2017-04-16 09:46 - 00620032 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ jscript9diag.dll 2017-05-10 02:54 - 2017-04-16 09 : 43 - 00262144 _____ (Microsoft Corporation) C: \ Windows \ system32 \ webcheck.dll 2017-05-10 02:54 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msfeeds.dll 2017-05-10 02:54 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ie4uinit.exe 2017-05-10 02:54 - 2017-04- 16 09:37 - 02132992 _____ (Microsoft Corporation) C: \ Windows \ system32 \ inetcpl.cpl 2017-05-10 02:54 - 2017-04-16 09:37 - 01359360 _____ (Microsoft Corporation) C: \ Windows \ system32 \ mshtmlmedia.dll 2017-05- 10 02:54 - 2017-04-16 09:35 - 00416256 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ dxtmsft.dll 2017-05-10 02:54 - 2017-04-16 09:30 - 00060416 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ JavaScriptCollectionAgent.dll 2017-05-10 02:54 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ tdc.ocx 2017- 05-10 02:54 - 2017-04-16 09:28 - 00091136 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ inseng.dll 2017-05-10 02:54 - 2017-04-16 09:25 - 00168960 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msrating.dll 2017-05-10 02:54 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ mshtmled.dll 2017-05-10 02:54 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ dxtrans.dll 2017-05-10 02:54 - 2017-04-16 09: 20 - 00130048 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ occache.dll 2017-05-10 02:54 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ webcheck.dll 2017-05- 10 02:54 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieframe.dll 2017-05-10 02:54 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msfeeds.dll 2017-05-10 02:54 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ jscript9.dll 2017- 05-10 02:54 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ inetcpl.cpl 2017-05-10 02:54 - 2017-04-16 09:08 - 01155072 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ mshtmlmedia.dll 2017-05-10 02:54 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C: \ Windows \ system32 \ wininet.dll 2017-05-10 02:54 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieframe.dll 2017-05-10 02:54 - 2017-04-16 08: 50 - 01544704 _____ (Microsoft Corporation) C: \ Windows \ system32 \ urlmon.dll 2017-05-10 02:54 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieapfltr.dll 2017-05-10 02 : 54 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ wininet.dll 2017-05-10 02:54 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ urlmon.dll 2017-05-10 02:54 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieapfltr.dll 2017-05- 10 02:54 - 2017-04-12 17:32 - 01483776 _____ (Microsoft Corporation) C: \ Windows \ system32 \ crypt32.dll 2017-05-10 02:54 - 2017-04-12 17:32 - 00229376 _____ (Microsoft Corporation) C: \ Windows \ system32 \ wintrust.dll 2017-05-10 02:54 - 2017-04-12 17:32 - 00190976 _____ (Microsoft Corporation) C: \ Windows \ system32 \ cryptsvc.dll 2017- 05-10 02:54 - 2017-04-12 17:32 - 00141824 _____ (Microsoft Corporation) C: \ Windows \ system32 \ cryptnet.dll 2017-05-10 02:54 - 2017-04-12 17:26 - 00179200 _____ (Microsoft Corporation) C: \ Windows \ SysWO W64 \ wintrust.dll 2017-05-10 02:54 - 2017-04-12 17:25 - 01176064 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ crypt32.dll 2017-05-10 02:54 - 2017- 04-12 17:25 - 00145920 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ cryptsvc.dll 2017-05-10 02:54 - 2017-04-12 17:25 - 00106496 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ cryptnet.dll 2017-05-10 02:54 - 2017-04-07 17:34 - 00986856 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ dxgkrnl.sys 2017-05-10 02: 54 - 2017-04-07 17:34 - 00265448 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ dxgmms1.sys 2017-05-10 02:54 - 2017-04-07 17:30 - 00405504 _____ ( Microsoft Corporation) C: \ Windows \ system32 \ gdi32.dll 2017-05-10 02:54 - 2017-04-07 17:30 - 00144384 _____ (Microsoft Corporation) C: \ Windows \ system32 \ cdd.dll 2017-05 -10 02:54 - 2017-04-07 17:22 - 00312832 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ gdi32.dll 2017-05-10 02:54 - 2017-04-05 16:55 - 00460800 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Driv ers \ srv.sys 2017-05-10 02:54 - 2017-04-05 16:55 - 00405504 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ srv2.sys 2017-05-10 02:54 - 2017-04-05 16:55 - 00168960 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ srvnet.sys 2017-05-10 02:54 - 2017-04-04 17:34 - 01895656 _____ (Microsoft Corporation ) C: \ Windows \ system32 \ Drivers \ tcpip.sys 2017-05-10 02:54 - 2017-04-04 17:34 - 00377576 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ netio.sys 2017 -05-10 02:54 - 2017-04-04 17:34 - 00287976 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ FWPKCLNT.SYS 2017-05-10 02:54 - 2017-04-04 16 : 53 - 00496128 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ afd.sys 2017-05-10 02:54 - 2017-04-04 16:53 - 00117760 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ tdx.sys 2017-05-10 02:54 - 2017-03-10 18:32 - 01389056 _____ (Microsoft Corporation) C: \ Windows \ system32 \ pla.dll 2017-05-10 02:54 - 2017-03-10 18:32 - 00300544 _____ (Microsoft Corporation) C: \ Windows \ system32 \ pdh.dll 2017-05-10 02:54 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ pla.dll 2017-05-10 02:54 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ pdh.dll 2017-05-10 02:54 - 2017-03-10 17:57 - 00009216 _____ (Microsoft Corporation) C: \ Windows \ system32 \ plasrv.exe 2017-05-10 02:54 - 2017-03-10 17:55 - 00205312 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ fastfat.sys 2017-05- 10 02:54 - 2017-03-10 17:55 - 00195584 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Drivers \ exfat.sys 2017-05-10 02:54 - 2017-03-09 18:34 - 00002048 _____ (Microsoft Corporation) C: \ Windows \ system32 \ tzres.dll 2017-05-10 02:54 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ tzres.dll 2017-04-29 12:36 - 2017-04-29 12:51 - 00000000 ____D C: \ Users \ Zero \ Desktop \ Benchmark 2017-04-27 22:41 - 2017-04-27 22:41 - 00000208 _____ C: \ Users \ Zero \ Desktop \ ARK Survival Of The Fittest.url 2017-04-14 10:07 - 2017-04-19 17:58 - 00000000 ____D C: \ Users \ Zero \ Desktop \ Accident 2017-04-14 10:06 - 2017-04-14 10:07 - 00000000 ____D C: \ Users \ Zero \ Desktop \ Lawyer House 2017-04-14 09:06 - 2017-05-11 17:26 - 00000000 ____D C: \ Users \ Zero \ .MemuHyperv 2017-04-14 09:06 - 2017-04-14 09:06 - 00000813 _____ C: \ Users \ Zero \ Desktop \ Multi-MEmu.lnk 2017-04-14 09:06 - 2017-04-14 09:06 - 00000797 _____ C: \ Users \ Zero \ Desktop \ MEmu.lnk 2017-04 -14 09:06 - 2017-04-14 09:06 - 00000000 ____D C: \ ProgramData \ Microsoft \ Windows \ Start Menu \ Programs \ MEmu 2017-04-14 09:03 - 2017-04-14 09:03 - 00000000 ____D C: \ Users \ Zero \ Desktop \ scripts ==================== One month: Changed files and folders ======== (If a Entry is added to the fixlist, the file / folder is moved.) 2017-05-13 04:03 - 2009-07-14 06:45 - 00018592 ____H C: \ Windows \ system32 \ 7B296FB0-376B-497e-B012 -9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-05-13 04:03 - 2009-07-14 06:45 - 00018592 ____H C: \ Windows \ system32 \ 7B296FB0-376B- 497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-05-12 16:43 - 2016-12-15 14:13 - 00000000 ____D C: \ ProgramData \ NVIDIA 2017-05-12 07:41 - 2016-12-15 15:06 - 00000000 ____D C: \ Users \ Zero \ AppData \ LocalLow \ Mozilla 2017-05-11 19:35 - 2016-12-15 16:52 - 00000000 ____D C: \ Users \ Zero \ AppData \ Local \ Battle.net 2017-05-11 16:46 - 2017-01-28 16:27 - 00408372 _____ C: \ Windows \ system32 \ perfh011.dat 2017-05-11 16:46 - 2017-01-28 16:27 - 00121758 _____ C: \ Windows \ system32 \ perfc011.dat 2017-05-11 16:46 - 2016-12-15 22:58 - 00699092 _____ C: \ Windows \ system32 \ perfh007. dat 2017-05-11 16:46 - 2016-12-15 22:58 - 00149232 _____ C: \ Windows \ system32 \ perfc007.dat 2017-05-11 16:46 - 2009-07-14 07:13 - 02149332 _____ C: \ Windows \ system32 \ PerfStringBackup.INI 2017-05-11 16:46 - 2009-07-14 05:20 - 00000000 ____D C: \ Windows \ inf 2017-05-11 16:45 - 2017-02- 08 05:05 - 00000000 ____D C: \ Users \ Zero \ AppData \ Local \ CrashDumps 2017-05-11 16:41 - 2016-12-15 16:39 - 00000008 _____ C: \ Windows \ mvraidver.dat 2017-05-11 16:41 - 2009-07-14 07:08 - 00000006 ____H C: \ Windows \ Tasks \ SA.DAT 2017-05-11 16:11 - 2017-02-24 12:52 - 00000000 ____D C: \ Users \ Zero \ Downloads \ MEmu Download 2017-05-10 23:42 - 2017-01-07 17:38 - 00803320 _____ (Adobe Systems Incorporated) C: \ Windows \ SysWOW64 \ FlashPlayerApp.exe 2017-05- 10 23:42 - 2017-01-07 17:38 - 00144888 _____ (Adobe Systems Incorporated) C: \ Windows \ SysWOW64 \ FlashPlayerCPLApp.cpl 2017-05-10 23:42 - 2017-01-07 17:38 - 00000000 ____D C: \ Windows \ SysWOW64 \ Macromed 2017-05-10 23:42 - 2017-01-07 17:38 - 00000000 ____D C: \ Windows \ system32 \ Macromed 2017-05-10 23:42 - 2016-12- 19 19:01 - 00000000 ____D C: \ Users \ Zero \ AppData \ Local \ Adobe 2017-05-10 13:33 - 2016-12-15 14:06 - 00000000 ____D C: \ Users \ Zero 2017-05-10 05:46 - 2016-12-15 15:05 - 00000000 ____D C: \ Program Files \ Mozilla Firefox 2017-05-10 04:03 - 2009-07-14 05:20 - 00000000 ____D C: \ Windows \ rescache 2017 -05-10 04:02 - 2017-04-06 22:38 - 00000000 ____D C: \ Users \ Zero \ AppData \ Local \ ElevatedDiagnostics 2017-05-1 0 03:25 - 2009-07-14 06:45 - 00301744 _____ C: \ Windows \ system32 \ FNTCACHE.DAT 2017-05-10 03:23 - 2009-07-14 05:20 - 00000000 ____D C: \ Windows \ PolicyDefinitions 2017-05-10 03:05 - 2016-12-30 02:23 - 02115066 _____ C: \ Windows \ SysWOW64 \ PerfStringBackup.INI 2017-05-10 03:04 - 2016-12-15 16:02 - 00000000 ____D C: \ Windows \ system32 \ MRT 2017-05-10 03:02 - 2016-12-15 16:02 - 156335152 ____C (Microsoft Corporation) C: \ Windows \ system32 \ MRT.exe 2017-05-07 09 : 36 - 2016-12-19 19:03 - 00004476 _____ C: \ Windows \ System32 \ Tasks \ Adobe Acrobat Update Task 2017-05-04 19:35 - 2017-04-02 19:30 - 00000000 ____D C: \ Users \ Zero \ AppData \ Local \ BlackDesertOnline 2017-04-29 12:36 - 2016-12-15 17:01 - 00000000 ____D C: \ Users \ Zero \ Documents \ My Games 2017-04-14 09:06 - 2017 -02-24 12:41 - 00000000 ____D C: \ Users \ Zero \ .android ===================== Files in the root directory of some directories ====== = 2016-12-30 22:09 - 2016-12-30 23:28 - 0007603 _____ () C: \ Users \ Zero \ AppData \ Local \ Resmon.ResmonCfg Some files in TEMP: ==================== 2017-04-03 00:51 - 2017-04-05 17:24 - 0000056 _____ () C: \ Users \ Zero \ AppData \ Local \ Temp \ 2b3ba2d8731fc8a722be565fe828f981.dll 2017-04-03 00:51 - 2017-05-04 19:39 - 0000000 _____ () C: \ Users \ Zero \ AppData \ Local \ Temp \ 6699d3ee8dd9cf775caae782c8f44f03.dll 2017 -04-28 23:37 - 2017-05-04 19:35 - 0000019 _____ () C: \ Users \ Zero \ AppData \ Local \ Temp \ 73d36d58b31c31d9ac73ceba76e9de91.dll 2016-12-15 14:13 - 2017-01- 20 16:07 - 0757240 _____ (NVIDIA Corporation) C: \ Users \ Zero \ AppData \ Local \ Temp \ nvSCPAPI.dll 2016-12-15 14:13 - 2017-01-20 16:07 - 0872088 _____ (NVIDIA Corporation ) C: \ Users \ Zero \ AppData \ Local \ Temp \ nvSCPAPI64.dll 2016-12-15 14:13 - 2016-12-11 20:23 - 0485344 _____ (NVIDIA Corporation) C: \ Users \ Zero \ AppData \ Local \ Temp \ nvStereoApiI64.dll 2017-01-24 21:29 - 2017-01-20 16:07 - 0352704 _____ (NVIDIA Corporation) C: \ Users \ Zero \ AppData \ Local \ Temp \ nvStInst.exe 2017-01 -25 19:59 - 2017-01-25 19:59 - 14773216 _____ (Microsoft Corporation) C: \ Users \ Zero \ AppData \ Local \ Temp \ v credist_x64.exe ==================== Bamital & volsnap ====================== (Es there is no automatic fix for files that failed the verification.) C: \ Windows \ system32 \ winlogon.exe => File is digitally signed C: \ Windows \ system32 \ wininit.exe => File is digitally signed C: \ Windows \ SysWOW64 \ wininit.exe => File is digitally signed C: \ Windows \ explorer.exe => File is digitally signed C: \ Windows \ SysWOW64 \ explorer.exe => File is digitally signed C: \ Windows \ system32 \ svchost.exe => File is digitally signed C: \ Windows \ SysWOW64 \ svchost.exe => File is digitally signed C: \ Windows \ system32 \ services.exe => File is digitally signed C: \ Windows \ system32 \ User32 .dll => File is digitally signed C: \ Windows \ SysWOW64 \ User32.dll => File is digitally signed C: \ Windows \ system32 \ userinit.exe => File is digitally signed C: \ Windows \ SysWOW64 \ userinit.exe => The file is digitally signed C: \ Windows \ system32 \ rpcss.dll => The file is digitally signed C: \ Windows \ system32 \ dns api.dll => File is digitally signed C: \ Windows \ SysWOW64 \ dnsapi.dll => File is digitally signed C: \ Windows \ system32 \ Drivers \ volsnap.sys => File is digitally signed LastRegBack: 2017-05-10 03:55 ===================== End of FRST.txt ======================= ======