Inactive Possible infection, lingering iexplore32 and processes after closing explorer.

After testing:

rundll32 clears temp browser files, it seems (and also works with recovery files and such things upon closing IE 11 with "clear all temporary data on exit" active).

And it still takes 4-5 seconds to actually see the process terminate for the (seemingly) main iexplore.

After some more regedit editing, no matter how many tabs (only tested to around 30 tabs), only 3 processes show up.
I'm still nervous about why iexplore*32 was active earlier after closing it, though so far it looks like it was a bug from IE 11.

Though would like advice on how to proceed from now.
 
Update:
rundll32 seems to have calmed down and only opens 1-2 instances when removing temp IE 11 files.
Only 3 iexplore processes start at most, and (after closing IE 11) one still lingers, as it does IE 11 things I'm assuming, for about 4-5 seconds.
Scans from Kaspersky (highest security settings) and Malwarebytes (with added rootkit scan) (both not safe mode scans) show up clean, and I haven't seen iexplore*32 at all since the Firefox website browsing to acquire Firefox with IE 11.
Malwarebytes and Kaspersky both haven't given me warnings otherwise with their system protection either.
And after finding that forum thread, it seems to have fixed itself... though I'm still not too happy about leaving it as it is.

I'm starting to think I've wasted your time with what is basically IE 11 bugs. :( Sorry.
Firefox closes normally, and I'm seriously considering doing a test with a reformat to see if it's indeed IE 11 being weird on its own.
It's not like I have a lot of data on it right now that's important anyway.

Something rubs me the wrong way about how IE 11 has been acting.
 
Other than the IE 11 issues, I haven't seen other issues besides slight occasional sluggishness, probably due to not having completed the reinstalls fully.
I also can't see how the official Firefox website is unsafe, though I could be wrong.
The Firefox installer was: "Firefox Setup Stub 45.0.1" and I'm almost certain www.mozilla.org is 99% safe to browse through in IE 11.
The way I can think of that could have been an issue is the hours-long Windows updates... without antivirus, anti-malware or a non-Windows firewall.
 
(If possible I'd like to reformat instead. :( Can I do that without issues after using the Farbar scan?)

I'm also getting a lot of "Hard page memory faults" in the resource manager. (100/s at times)
And some weird addresses in the network connections.
I'll get back to this forum within 2-3 days; I'm assuming it's more errors than I see and it's caused by faulty drivers/malware/other things.
I'll do a clean reformat and fix up things before I connect to the internet again.
The amount of work I have to do to correct memory errors, IE 11 bugs and suspected malware is better done with a clean reformat.

:(
I apologise for the issues I caused, and I hope I helped to contribute to the website and its knowledge base.
Consider this thread closed for purposes of fixing this computer, and I'll get back within a few days.

PS: If possible, post/link methods/programs to keep my PC safe that I can read up on later in this thread if possible. (Or if you have a thread on that already here on this forum)
It would be nice to have a better knowledge base to be more vigilant for the future.

PPS: Thanks for the excellent dialogue and website, it raised a lot of awareness in computer security and how malware works.
 
I'll wait to reformat until I have your final words on this. :(
I'm a bit new at this security thing.
I need to know the how/when/why/what of a basic security basis to build my new PC on.
Thanks in advance.
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jarv [Administrator]
Started from : C:\Users\Jarv\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/28/2016 19:26:48

¤¤¤ Processes : 1 ¤¤¤
[Tr.Zeus] mbamservice.exe(4928) -- D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[x] -> Found

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2507822225-2880941523-1003554431-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.mozilla.org/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2507822225-2880941523-1003554431-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.mozilla.org/ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11DEE299-B50B-448C-BCFB-AFB9A1A58CA7} | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{11DEE299-B50B-448C-BCFB-AFB9A1A58CA7} | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{11DEE299-B50B-448C-BCFB-AFB9A1A58CA7} | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SJ +++++
--- User ---
[MBR] d64a7e6b7d05f2b6c283de741ffcea30
[BSP] 10f28ccab0b5711430304340dc67edfb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 299900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD7501AALS-00J7B0 +++++
--- User ---
[MBR] 83936222ebcf2c4c691ce4f1c0e1f977
[BSP] 5a40121e5de46331607070aaa0c3f2cc : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-03-28
Scan Time: 19:33
Logfile: Review 3.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.03.28.06
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jarv

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 523864
Time Elapsed: 57 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v5.107 - Logfile created 28/03/2016 at 20:35:03
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Jarv - PARW-PC
# Running from : C:\Users\Jarv\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [610 bytes] - [28/03/2016 20:35:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [682 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64
Ran by Jarv (Administrator) on 2016-03-28 at 20:38:43,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9PN7T80 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQFQ7GCZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4TLPXPT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jarv\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKHT0N21 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9PN7T80 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FQFQ7GCZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H4TLPXPT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKHT0N21 (Temporary Internet Files Folder)

Deleted the following from C:\Users\Jarv\AppData\Roaming\Mozilla\Firefox\Profiles\ycqg1e87.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-03-28 at 20:39:24,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
From the results it looks like one false positive (zeus), and no infected files. :/ I guess it really was a bug in IE 11.
Though this wasn't done in safe mode, so that might be a thing I need to try.
(The protection software processes got suspended though, and I can't access them now :( )
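
One way to sanity-check a pasted RogueKiller report before reading conclusions from it, as an added example that is not part of the original thread or of RogueKiller itself: it parses the `¤¤¤ Section : N ¤¤¤` layout of the report posted earlier, confirms each section's declared count matches the lines actually present, and collapses registry findings that are the same setting seen through several control sets or registry views. The function names are hypothetical; the sample is an excerpt of the report above.

```python
import re

# Excerpt of the RogueKiller report posted earlier in this thread (sample input).
SAMPLE_REPORT = r"""
¤¤¤ Processes : 1 ¤¤¤
[Tr.Zeus] mbamservice.exe(4928) -- D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[x] -> Found

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2507822225-2880941523-1003554431-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.mozilla.org/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2507822225-2880941523-1003554431-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.mozilla.org/ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11DEE299-B50B-448C-BCFB-AFB9A1A58CA7} | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{11DEE299-B50B-448C-BCFB-AFB9A1A58CA7} | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{11DEE299-B50B-448C-BCFB-AFB9A1A58CA7} | DhcpNameServer : 89.150.192.2 89.150.224.2 8.8.8.8 ([-][X][-]) -> Found
"""

# "¤¤¤ Registry : 8 ¤¤¤", also "¤¤¤ MBR Check : ¤¤¤" (no count) and
# "¤¤¤ Antirootkit : 0 (Driver: ...) ¤¤¤" (count followed by a note).
SECTION_RE = re.compile(
    r"^¤+\s*(?P<name>[^:¤]+?)\s*:\s*(?P<count>\d*)\s*(?:\(.*\))?\s*¤+\s*$")
# "[Label] body -> Status"
FINDING_RE = re.compile(
    r"^\[(?P<label>[^\]]+)\]\s+(?P<body>.+?)\s+->\s+(?P<status>\w+)\s*$")
# "(X64) KEY | ValueName : data"
REG_RE = re.compile(
    r"^\((?P<view>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+(?P<value>.+?)\s+:\s+(?P<data>.*)$")
# ControlSet001, ControlSet002, ... are stored control sets; CurrentControlSet
# is a link to one of them, so all three paths can name the same setting.
CONTROLSET_RE = re.compile(r"(?<=\\)ControlSet\d{3}(?=\\)", re.IGNORECASE)


def parse_report(text):
    """Return {section: {"declared": int or None, "findings": [dict, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header["name"]
            declared = int(header["count"]) if header["count"] else None
            sections[current] = {"declared": declared, "findings": []}
            continue
        finding = FINDING_RE.match(line)
        if finding and current is not None:
            sections[current]["findings"].append(finding.groupdict())
    return sections


def count_mismatches(sections):
    """Sections whose declared count differs from the lines actually pasted
    (a sign the log was truncated or edited before posting)."""
    return [name for name, sec in sections.items()
            if sec["declared"] is not None
            and sec["declared"] != len(sec["findings"])]


def distinct_registry_settings(sections):
    """Collapse registry findings that differ only by control set or by
    32/64-bit view. Returns {(label, key, value, data): occurrences}."""
    groups = {}
    for finding in sections.get("Registry", {"findings": []})["findings"]:
        reg = REG_RE.match(finding["body"])
        if not reg:
            continue
        key = CONTROLSET_RE.sub("CurrentControlSet", reg["key"]).lower()
        ident = (finding["label"], key, reg["value"], reg["data"])
        groups[ident] = groups.get(ident, 0) + 1
    return groups


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print("count mismatches:", count_mismatches(report))
    for (label, key, value, data), n in distinct_registry_settings(report).items():
        print(f"{label} x{n}: {key} | {value} = {data}")
```

On this excerpt the eight registry lines reduce to three distinct settings: one IE start page and the DHCP-assigned name servers at the global and per-interface level.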
 
:)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 16-03-28.01 - Jarv 2016-03-28 21:35:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.8087.5732 [GMT 2:00]
Körs från: c:\users\Jarv\Desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
FW: Kaspersky Total Security *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Total Security *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\security\logs\scecomp.log
.
.
(((((((((((((((((((((((( Filer skapade från 2016-02-28 till 2016-03-28 ))))))))))))))))))))))))))))))
.
.
2016-03-28 19:39 . 2016-03-28 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-28 18:34 . 2016-03-28 18:35 -------- d-----w- C:\AdwCleaner
2016-03-28 17:22 . 2016-03-28 17:22 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-28 17:21 . 2016-03-28 17:30 -------- d-----w- c:\programdata\RogueKiller
2016-03-27 13:22 . 2016-03-27 13:22 -------- d-----w- C:\FRST
2016-03-27 08:23 . 2016-03-28 19:28 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-27 08:23 . 2016-03-27 08:23 -------- d-----w- c:\programdata\Malwarebytes
2016-03-27 08:23 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-27 08:23 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-27 08:23 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-27 07:31 . 2013-05-06 06:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2016-03-27 07:31 . 2016-03-27 07:31 -------- d-----w- c:\windows\ELAMBKUP
2016-03-27 07:31 . 2016-03-28 18:45 -------- d-----w- c:\programdata\Kaspersky Lab
2016-03-27 07:31 . 2016-03-27 07:31 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-03-27 07:31 . 2016-03-27 07:37 934808 ----a-w- c:\windows\system32\drivers\klif.sys
2016-03-27 07:31 . 2015-12-05 23:12 227000 ----a-w- c:\windows\system32\drivers\klhk.sys
2016-03-27 07:31 . 2015-12-05 23:12 181640 ----a-w- c:\windows\system32\drivers\klflt.sys
2016-03-27 07:06 . 2016-03-27 07:06 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-03-25 14:33 . 2016-03-25 05:44 -------- d-----w- c:\windows\Panther
2016-03-25 12:52 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-03-25 12:52 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-03-25 12:52 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2016-03-25 12:52 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2016-03-25 11:08 . 2016-03-25 11:08 -------- d-----w- c:\windows\SysWow64\Wat
2016-03-25 11:08 . 2016-03-25 11:08 -------- d-----w- c:\windows\system32\Wat
2016-03-25 10:31 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 10:31 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 10:27 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2016-03-25 10:05 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2016-03-25 09:46 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2016-03-25 09:39 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2016-03-25 09:39 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-03-25 09:39 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-03-25 09:39 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2016-03-25 09:39 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2016-03-25 09:39 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2016-03-25 09:32 . 2016-03-25 09:32 -------- d-----w- c:\windows\Migration
2016-03-25 09:32 . 2016-03-25 09:32 -------- d-----w- c:\program files (x86)\Microsoft.NET
2016-03-25 09:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2016-03-25 09:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2016-03-25 09:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2016-03-25 09:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2016-03-25 09:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2016-03-25 09:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2016-03-25 09:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2016-03-25 09:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2016-03-25 09:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2016-03-25 09:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2016-03-25 09:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2016-03-25 09:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2016-03-25 09:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2016-03-25 09:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2016-03-25 09:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2016-03-25 08:58 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs
2016-03-25 08:57 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2016-03-25 08:56 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2016-03-25 08:55 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-03-25 08:55 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-03-25 08:55 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-03-25 08:55 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-03-25 08:55 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-25 08:55 . 2016-01-22 06:02 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-25 08:55 . 2016-01-22 06:02 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-25 08:55 . 2016-01-22 06:02 290816 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-03-25 08:55 . 2015-09-23 13:15 460776 ----a-w- c:\windows\system32\drivers\cng.sys
2016-03-25 08:55 . 2015-09-23 13:15 299632 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-03-25 08:55 . 2015-09-23 13:09 251000 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll
2016-03-25 08:53 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2016-03-25 08:53 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2016-03-25 08:52 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2016-03-25 08:52 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2016-03-25 08:52 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2016-03-25 08:52 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2016-03-25 08:52 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2016-03-25 08:52 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2016-03-25 08:52 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2016-03-25 08:52 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2016-03-25 08:52 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2016-03-25 08:52 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2016-03-25 08:52 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2016-03-25 08:50 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-03-25 08:39 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2016-03-25 08:39 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2016-03-25 08:39 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2016-03-25 08:39 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2016-03-25 08:39 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2016-03-25 08:37 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2016-03-25 08:37 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2016-03-25 08:37 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2016-03-25 07:12 . 2010-11-20 13:33 299392 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2016-03-25 07:01 . 2016-03-10 11:51 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA5DD84D-1340-453F-9CAB-38DBE6BA5EF0}\mpengine.dll
2016-03-25 07:01 . 2015-12-02 13:18 301728 ------w- c:\windows\system32\MpSigStub.exe
2016-03-25 05:57 . 2016-03-25 05:57 -------- d-----w- c:\program files\Broadcom
2016-03-25 05:56 . 2016-03-27 07:37 -------- d-sh--w- c:\windows\Installer
2016-03-25 05:49 . 2016-03-25 05:49 -------- d-----w- c:\users\Jarv
2016-03-25 05:44 . 2016-03-25 05:44 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-27 07:37 . 2015-06-06 06:51 77728 ----a-w- c:\windows\system32\drivers\kldisk.sys
2016-03-25 07:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2016-03-25 07:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2016-02-11 18:30 . 2016-03-25 08:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter I registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;d:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2;c:\windows\system32\DRIVERS\klkbdflt2.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt2.sys [x]
.
.
--- Övriga tjänster/drivrutiner I minnet ---
.
*NewlyCreated* - CM_KM
*NewlyCreated* - KL1
*NewlyCreated* - KLDISK
*NewlyCreated* - KLHK
*NewlyCreated* - KLIM6
*NewlyCreated* - KLKBDFLT2
*NewlyCreated* - KLPD
*NewlyCreated* - KLTDI
*NewlyCreated* - KLWTP
*NewlyCreated* - KNEPS
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.mozilla.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 89.150.192.2 89.150.224.2 8.8.8.8
FF - ProfilePath - c:\users\Jarv\AppData\Roaming\Mozilla\Firefox\Profiles\ycqg1e87.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2016-03-28 21:41:42
ComboFix-quarantined-files.txt 2016-03-28 19:41
.
Före genomsökningen: 269 435 400 192 bytes free
Efter genomsökningen: 269 043 695 616 bytes free
.
- - End Of File - - FB376255AEFA4DEF2ECA01C7C47982C9
A36C5E4F47E84449FF07ED3517B43A31
 
(extra scan)

ComboFix 16-03-28.01 - Jarv 2016-03-28 21:52:40.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1033.18.8087.6123 [GMT 2:00]
Körs från: c:\users\Jarv\Desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
FW: Kaspersky Total Security *Disabled* {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
SP: Kaspersky Total Security *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((( Filer skapade från 2016-02-28 till 2016-03-28 ))))))))))))))))))))))))))))))
.
.
2016-03-28 19:55 . 2016-03-28 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-03-28 18:34 . 2016-03-28 18:35 -------- d-----w- C:\AdwCleaner
2016-03-28 17:22 . 2016-03-28 17:22 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-28 17:21 . 2016-03-28 17:30 -------- d-----w- c:\programdata\RogueKiller
2016-03-27 13:22 . 2016-03-27 13:22 -------- d-----w- C:\FRST
2016-03-27 08:23 . 2016-03-28 19:51 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-27 08:23 . 2016-03-27 08:23 -------- d-----w- c:\programdata\Malwarebytes
2016-03-27 08:23 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-27 08:23 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-27 08:23 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-27 07:31 . 2013-05-06 06:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2016-03-27 07:31 . 2016-03-27 07:31 -------- d-----w- c:\windows\ELAMBKUP
2016-03-27 07:31 . 2016-03-28 19:50 -------- d-----w- c:\programdata\Kaspersky Lab
2016-03-27 07:31 . 2016-03-27 07:31 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2016-03-27 07:31 . 2016-03-27 07:37 934808 ----a-w- c:\windows\system32\drivers\klif.sys
2016-03-27 07:31 . 2015-12-05 23:12 227000 ----a-w- c:\windows\system32\drivers\klhk.sys
2016-03-27 07:31 . 2015-12-05 23:12 181640 ----a-w- c:\windows\system32\drivers\klflt.sys
2016-03-27 07:06 . 2016-03-27 07:06 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2016-03-25 14:33 . 2016-03-25 05:44 -------- d-----w- c:\windows\Panther
2016-03-25 12:52 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2016-03-25 12:52 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2016-03-25 12:52 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2016-03-25 12:52 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2016-03-25 11:08 . 2016-03-25 11:08 -------- d-----w- c:\windows\SysWow64\Wat
2016-03-25 11:08 . 2016-03-25 11:08 -------- d-----w- c:\windows\system32\Wat
2016-03-25 10:31 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 10:31 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-25 10:27 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2016-03-25 10:05 . 2013-10-02 01:10 44544 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2016-03-25 09:46 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2016-03-25 09:39 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2016-03-25 09:39 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2016-03-25 09:39 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2016-03-25 09:39 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2016-03-25 09:39 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2016-03-25 09:39 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2016-03-25 09:32 . 2016-03-25 09:32 -------- d-----w- c:\windows\Migration
2016-03-25 09:32 . 2016-03-25 09:32 -------- d-----w- c:\program files (x86)\Microsoft.NET
2016-03-25 09:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2016-03-25 09:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2016-03-25 09:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2016-03-25 09:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2016-03-25 09:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2016-03-25 09:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2016-03-25 09:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2016-03-25 09:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2016-03-25 09:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2016-03-25 09:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2016-03-25 09:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2016-03-25 09:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2016-03-25 09:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2016-03-25 09:01 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2016-03-25 09:01 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2016-03-25 08:58 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs
2016-03-25 08:57 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2016-03-25 08:56 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2016-03-25 08:55 . 2016-01-22 06:18 961024 ----a-w- c:\windows\system32\CPFilters.dll
2016-03-25 08:55 . 2016-01-22 06:18 723968 ----a-w- c:\windows\system32\EncDec.dll
2016-03-25 08:55 . 2016-01-22 06:04 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2016-03-25 08:55 . 2016-01-22 06:04 535040 ----a-w- c:\windows\SysWow64\EncDec.dll
2016-03-25 08:55 . 2016-01-22 06:17 159744 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-25 08:55 . 2016-01-22 06:02 114176 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-25 08:55 . 2016-01-22 06:02 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-25 08:55 . 2016-01-22 06:02 290816 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-03-25 08:55 . 2015-09-23 13:15 460776 ----a-w- c:\windows\system32\drivers\cng.sys
2016-03-25 08:55 . 2015-09-23 13:15 299632 ----a-w- c:\windows\system32\bcryptprimitives.dll
2016-03-25 08:55 . 2015-09-23 13:09 251000 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll
2016-03-25 08:53 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2016-03-25 08:53 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2016-03-25 08:52 . 2011-06-15 10:02 212992 ----a-w- c:\windows\system32\odbctrac.dll
2016-03-25 08:52 . 2011-06-15 10:02 163840 ----a-w- c:\windows\system32\odbccp32.dll
2016-03-25 08:52 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccu32.dll
2016-03-25 08:52 . 2011-06-15 10:02 106496 ----a-w- c:\windows\system32\odbccr32.dll
2016-03-25 08:52 . 2011-06-15 09:59 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2016-03-25 08:52 . 2011-06-15 08:55 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2016-03-25 08:52 . 2011-06-15 08:55 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2016-03-25 08:52 . 2011-06-15 08:55 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2016-03-25 08:52 . 2011-06-15 08:55 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2016-03-25 08:52 . 2011-06-15 08:55 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2016-03-25 08:52 . 2011-06-15 08:54 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2016-03-25 08:50 . 2016-01-07 17:42 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-03-25 08:39 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2016-03-25 08:39 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2016-03-25 08:39 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2016-03-25 08:39 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2016-03-25 08:39 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2016-03-25 08:37 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2016-03-25 08:37 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2016-03-25 08:37 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2016-03-25 07:12 . 2010-11-20 13:33 299392 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2016-03-25 07:01 . 2016-03-10 11:51 11249080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA5DD84D-1340-453F-9CAB-38DBE6BA5EF0}\mpengine.dll
2016-03-25 07:01 . 2015-12-02 13:18 301728 ------w- c:\windows\system32\MpSigStub.exe
2016-03-25 05:57 . 2016-03-25 05:57 -------- d-----w- c:\program files\Broadcom
2016-03-25 05:56 . 2016-03-27 07:37 -------- d-sh--w- c:\windows\Installer
2016-03-25 05:49 . 2016-03-25 05:49 -------- d-----w- c:\users\Jarv
2016-03-25 05:44 . 2016-03-25 05:44 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-27 07:37 . 2015-06-06 06:51 77728 ----a-w- c:\windows\system32\drivers\kldisk.sys
2016-03-25 07:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2016-03-25 07:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2016-02-11 18:30 . 2016-03-25 08:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter I registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;d:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;d:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;d:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S4 klkbdflt2;Kaspersky Lab KlKbdFlt2;c:\windows\system32\DRIVERS\klkbdflt2.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt2.sys [x]
.
.
--- Övriga tjänster/drivrutiner I minnet ---
.
*NewlyCreated* - CM_KM
*NewlyCreated* - KL1
*NewlyCreated* - KLDISK
*NewlyCreated* - KLHK
*NewlyCreated* - KLIM6
*NewlyCreated* - KLKBDFLT2
*NewlyCreated* - KLPD
*NewlyCreated* - KLTDI
*NewlyCreated* - KLWTP
*NewlyCreated* - KNEPS
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.mozilla.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 89.150.192.2 89.150.224.2 8.8.8.8
FF - ProfilePath - c:\users\Jarv\AppData\Roaming\Mozilla\Firefox\Profiles\ycqg1e87.default\
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2016-03-28 21:56:54
ComboFix-quarantined-files.txt 2016-03-28 19:56
.
Före genomsökningen: 269 100 646 400 bytes free
Efter genomsökningen: 269 046 820 864 bytes free
.
- - End Of File - - 704B07FFE761FF3B8E19C8E41E50C5F1
A36C5E4F47E84449FF07ED3517B43A31
 
(Quarantine)
2016-03-28 19:41:42 . 2016-03-28 19:41:42 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2016-03-28 19:41:01 . 2016-03-28 19:41:01 230 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-RunOnce-SPReview.reg.dat
2016-03-28 19:37:45 . 2016-03-28 19:54:20 4,039 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2016-03-28 19:34:45 . 2016-03-28 19:52:12 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2016-03-27 07:31:32 . 2016-03-27 07:31:32 234 ----a-w- C:\Qoobox\Quarantine\C\Windows\security\logs\scecomp.log.vir
2016-03-25 07:18:25 . 2016-03-25 07:18:25 1,056,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
 
(The fix broke some of the admin things, I think, as in I can't see the (run as admin) shield icon anymore on icons.)
 
I also think it broke autostart for the anti-malware/virus. And I think it broke due to Malwarebytes running some processes, it seems?
And the first scan also didn't disable the internet, I think?
 
Zeus was also mentioned as a false positive if it was the only listed process that was an anti-virus that was "infected".
So it wasn't deleted earlier.
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Jarv (administrator) on PARW-PC (28-03-2016 22:54:57)
Running from D:\
Loaded Profiles: Jarv (Available Profiles: Jarv)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 89.150.192.2 89.150.224.2 8.8.8.8
Tcpip\..\Interfaces\{11DEE299-B50B-448C-BCFB-AFB9A1A58CA7}: [DhcpNameServer] 89.150.192.2 89.150.224.2 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2507822225-2880941523-1003554431-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2507822225-2880941523-1003554431-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2507822225-2880941523-1003554431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.mozilla.org/
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\Jarv\AppData\Roaming\Mozilla\Firefox\Profiles\ycqg1e87.default
FF DefaultSearchEngine: DuckDuckGo
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: uBlock Origin - C:\Users\Jarv\AppData\Roaming\Mozilla\Firefox\Profiles\ycqg1e87.default\Extensions\uBlock0@raymondhill.net.xpi [2016-03-27]
FF Extension: uMatrix - C:\Users\Jarv\AppData\Roaming\Mozilla\Firefox\Profiles\ycqg1e87.default\Extensions\uMatrix@raymondhill.net.xpi [2016-03-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-03-27]
StartMenuInternet: FIREFOX.EXE - D:\Firefox\firefox.exe

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-06] (Kaspersky Lab ZAO)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-03-27] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2015-12-06] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-12-06] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934808 2016-03-27] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-06] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-28] ()
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
R4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kl1.sys BEE1682DA217A4AD46C36896769AA580
C:\Windows\System32\DRIVERS\klbackupdisk.sys 86F40D79CE80ACBE6BEBAC8CE89D75A0
C:\Windows\System32\DRIVERS\klbackupflt.sys C80861511ADA03A65DC12FAA207592F8
C:\Windows\System32\DRIVERS\kldisk.sys 80D7529E1CF09261FADF55E69EFDA90B
C:\Windows\System32\DRIVERS\klflt.sys DE7D2DEDE9C9D5219AA439172BA8D21C
C:\Windows\System32\DRIVERS\klhk.sys C62B714428FD30DD7B3115566C3F470B
C:\Windows\System32\DRIVERS\klif.sys 16E6DEF683D0EFAC8EED0D0FF4FE00DD
C:\Windows\System32\DRIVERS\klim6.sys 3553584440A11136C899B67ACC8CBE9D
C:\Windows\System32\DRIVERS\klkbdflt.sys 22C4E9381C60DA78161FA042FDBA6873
C:\Windows\System32\DRIVERS\klmouflt.sys D792857D47B8DF5BFEC02534C1933BE2
C:\Windows\System32\DRIVERS\klpd.sys F610F5F17BC87D61EF8954CCD793BAE4
C:\Windows\System32\DRIVERS\kltdi.sys B36DEE2A91F9388C4D3ED744592DE81D
C:\Windows\System32\DRIVERS\klwtp.sys 2AA3537309C2B9A7F120FB9E6A38250A
C:\Windows\System32\DRIVERS\kneps.sys 1686DE8288052316EFDD49EEA8929065
C:\Windows\System32\Drivers\ksecdd.sys 211A379BAAB812A7B437319BD85B2435
C:\Windows\System32\Drivers\ksecpkg.sys CC1B3B52F33CBC1CE60867DA4E23537C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamchameleon.sys 1239597BAB7EED2BB16D035AF87E65D9
C:\Windows\system32\drivers\mbam.sys 78BFF5425E044086E74E78650A359FBB
C:\Windows\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B
C:\Windows\system32\drivers\mwac.sys 452ACB7A9914398D9E18CCCFFCF92208
C:\Windows\System32\drivers\MBfilt64.sys 8FF2D95CBA49B405C5DE27039FF0BF35
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys D7ADC2B83CA0B0381F75A98351F72CEE
C:\Windows\System32\DRIVERS\mrxsmb.sys 07F8F6B0CAEC7ADD30EBD94940A315D7
C:\Windows\System32\DRIVERS\mrxsmb10.sys 8856E45D23BFF4D977BF06D0543BCD96
C:\Windows\System32\DRIVERS\mrxsmb20.sys 8D383CED28332B5F3894658857472F47
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys F7309F42555F8AAB7144A51A1F2585B0
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 47B2D0B31BDC3EBE6090228E2BA3764D
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys AA77EB517D2F07A947294F260E3ACA83
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\TrueSight.sys 0C997B061E3C66BD9E927C1288EB1CC7
C:\Windows\System32\DRIVERS\tssecsrv.sys 19BEDA57F3E0A06B8D5EB6D619BD5624
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
 
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\USBSTOR.SYS D029DD09E22EB24318A8FC3D8138BA43
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-25 12:24 - 2016-03-25 12:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-03-25 12:24 - 2016-03-25 12:24 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-03-25 12:24 - 2016-03-25 12:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-03-25 12:24 - 2016-03-25 12:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-03-25 12:24 - 2016-03-25 12:24 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-03-25 12:24 - 2016-03-25 12:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-03-25 12:24 - 2016-03-25 12:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-03-25 12:24 - 2016-03-25 12:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-03-25 12:24 - 2016-03-25 12:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-03-25 12:24 - 2016-03-25 12:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-03-25 12:24 - 2016-03-25 12:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-25 12:05 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2016-03-25 12:05 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2016-03-25 12:05 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2016-03-25 12:05 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2016-03-25 12:05 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2016-03-25 12:05 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-03-25 12:05 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2016-03-25 12:05 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-03-25 12:05 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2016-03-25 12:05 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2016-03-25 12:05 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-03-25 12:05 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-03-25 12:05 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-03-25 12:05 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-03-25 12:05 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-03-25 12:05 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-03-25 12:05 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-03-25 12:05 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-03-25 11:39 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-03-25 11:39 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2016-03-25 11:39 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-03-25 11:39 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2016-03-25 11:39 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2016-03-25 11:39 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-03-25 11:33 - 2016-03-25 11:33 - 00749404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-25 11:14 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2016-03-25 11:14 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2016-03-25 11:14 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-03-25 11:14 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2016-03-25 11:14 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2016-03-25 11:14 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2016-03-25 11:14 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2016-03-25 11:14 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2016-03-25 11:05 - 2013-01-13 23:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 23:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-03-25 11:05 - 2013-01-13 22:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-03-25 11:05 - 2013-01-13 22:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2016-03-25 11:05 - 2013-01-13 22:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2016-03-25 11:05 - 2013-01-13 21:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-03-25 11:05 - 2013-01-13 21:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2016-03-25 11:05 - 2013-01-13 21:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-03-25 11:05 - 2013-01-13 21:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-03-25 11:05 - 2013-01-13 21:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2016-03-25 11:05 - 2013-01-13 21:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2016-03-25 11:05 - 2013-01-13 21:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-03-25 11:05 - 2013-01-13 21:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-03-25 11:05 - 2013-01-13 21:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-03-25 11:05 - 2013-01-13 21:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-03-25 11:05 - 2013-01-13 21:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-03-25 11:05 - 2013-01-13 21:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-03-25 11:05 - 2013-01-13 21:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-03-25 11:05 - 2013-01-13 21:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-03-25 11:05 - 2013-01-13 21:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-03-25 11:05 - 2013-01-13 20:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2016-03-25 11:05 - 2013-01-13 20:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
 