espingla Posted May 20, 2018 ID:1244677

Hi,

It looks like my computer got infected with the wmcagent malware (and maybe some other things) that I cannot seem to remove by any means. I've used MalwareBytes, AdwCleaner, MalwareBytes Anti-Rootkit so far, they seem to detect the malicious files, but I am having no luck trying to delete the files. I still see the "wmcagent" folder in my Local\Appdata folder that I can't do anything about because I don't have access.

I have read many threads on similar issues on this forum, but unfortunately I don't quite understand where to start because I am not a computer expert. Can I please get some help here?

Thank you

Staff Malwarebytes Posted May 20, 2018 ID:1244678

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here to help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Malwarebytes can detect and remove most malware with no further actions required for free. If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

- Open Malwarebytes for Windows
- To the left, click Scan > Scan Types.
- Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
- Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

- Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
- Double-click to run it. When the tool opens click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Addition.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

Click "Reveal Hidden Contents" below for details on how to add attachments to your post. Note: If you are unable to attach files, please copy and paste the contents of the requested files in your Reply instead.

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

Please Note the Following:

- One of our expert helpers will give you one-on-one assistance when one becomes available.
- Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
- Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help
- If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

- Troubleshooting Tips
- FAQ - Malwarebytes won't run or failed to resolve my issues
- Groups authorized to help with Malware Removal for Windows logs

Aura Posted May 20, 2018 ID:1244683

Hi espingla

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

- As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
- As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
- The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
- If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
- If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
- Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
- I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
- In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
- I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone

This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread

This being said, it's time to clean-up some malware, so let's get started, shall we?

Farbar Recovery Scan Tool (FRST) - Fix mode

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

- Download the right version of FRST for your system:
  - FRST 32-bit
  - FRST 64-bit
  Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
- Move the executable (FRST.exe or FRST64.exe) to your Desktop
- Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Copy/paste the following inside the text area:

    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::

- Click on the Fix button
- On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
- Copy and paste its content in your next reply

espingla Posted May 20, 2018 Author ID:1244700

Hi Aura, here's the Fixlog (also attached):

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Minjung (20-05-2018 16:13:54) Run:1
Running from C:\Users\Minjung\Desktop
Loaded Profiles: Minjung (Available Profiles: Minjung)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
*****************

========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog 16:13:55 ====

Fixlog.txt

espingla Posted May 20, 2018 Author ID:1244701

Also here are the FRST and Addition files.

FRST.txt
Addition.txt

Aura Posted May 20, 2018 ID:1244703

For the next part, you'll need to download the FRST executable on a clean computer, and move it to your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan

Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

- USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
- Another computer (clean of infection)
- CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)

Preparing the USB Flash Drive

- Download the right version of FRST for your system from a clean computer:
  - FRST 32-bit
  - FRST 64-bit
  Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
- Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive

Boot in the Recovery Environment

- To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
  - Restart the computer
  - Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  - Use the arrow keys to select Repair your computer, and press on Enter
  - Select your keyboard layout (US, French, etc.) and click on Next
  - Click on Command Prompt to open the command prompt
  Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
- To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
  Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
- To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
  Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the Windows RE, plug the USB Flash Drive in the computer

Once in the command prompt

- In the command prompt, type notepad and press on Enter
- Notepad will open. Click on the File menu and select Open
- Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
- In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  Note: Replace the letter e with the drive letter of your USB Flash Drive
- FRST will open
- Click on Yes to accept the disclaimer
- Click on the Scan button and wait for the scan to complete
- A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply

espingla Posted May 20, 2018 Author ID:1244718

Hi, I read the tutorial to enter the Recovery Environment for Windows 10 (which is what I have), but it's unclear exactly what I have to do? I see the same blue screen as attached (from the tutorial), but which one do I have to go to from here?

Aura Posted May 20, 2018 ID:1244734

Click on the top-right option, "Command Prompt"

espingla Posted May 20, 2018 Author ID:1244737

Ok, thanks. Here's the new FRST file.

FRST.txt

Aura Posted May 20, 2018 ID:1244744

Good. Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode

- Download and install the free version of Malwarebytes
  Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
- Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
- Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
- Let the scan run, the time required to complete the scan depends on your system and computer specs
- Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
  - If it asks you to restart your computer to complete the removal, do so
- Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

espingla Posted May 20, 2018 Author ID:1244748

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/20/18
Scan Time: 7:47 PM
Log File: 3742cbf0-5c88-11e8-86a3-9883890fa07e.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5186
License: Trial

-System Information-
OS: Windows 10 (Build 16299.431)
CPU: x64
File System: NTFS
User: MINJUNG\Minjung

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 343455
Threats Detected: 82
Threats Quarantined: 82
Time Elapsed: 4 min, 20 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
Trojan.Yelloader, C:\Users\Minjung\AppData\Local\wmcagent\PepperFlash, Quarantined, [2652], [521697],1.0.5186
Trojan.Yelloader, C:\Users\Minjung\AppData\Local\wmcagent\locales, Quarantined, [2652], [521697],1.0.5186

File: 80

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Aura Posted May 20, 2018 ID:1244749

And now a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

- Download AdwCleaner and move it to your Desktop
- Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Accept the EULA (I accept), then click on Scan
- Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
- Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
- After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

RogueKiller

- Download the right version of RogueKiller for your Windows version (32 or 64-bit)
- Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
- Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
- Wait for the scan to complete
- On completion, the results will be displayed
- Check every single entry (threat found), and click on the Remove Selected button
- On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
- This will open the report in Notepad. Copy/paste its content in your next reply

Your next reply(ies) should therefore contain:

- Copy/pasted AdwCleaner clean log
- Copy/pasted RogueKiller clean log

espingla Posted May 21, 2018 Author ID:1244759

Ok, here you go:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-18.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-20-2018
# Duration: 00:00:01
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 1

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
Deleted Ask
Not Deleted AOL

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

RogueKiller V12.12.17.0 (x64) [May 14 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Minjung [Administrator]
Started from : C:\Users\Minjung\Desktop\RogueKiller64.exe
Mode : Delete -- Date : 05/20/2018 20:16:41 (Duration : 01:21:52)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-366476898-4255595637-1063196365-1001\Software\IM -> Deleted
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-366476898-4255595637-1063196365-1001\Software\IM -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com/?pc=smjb -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com/?pc=smjb -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8377278e-bfad-451c-b22d-284253eb305d} | DhcpNameServer : 172.20.10.1 ([]) -> Replaced ()
[Tr.Gen] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {5B0F46FC-DCA8-45DC-A30F-30D8F8EAC4F6} : v2.24|Action=Allow|Active=TRUE|Dir=In|App=C:\WINDOWS\CRMSvc.exe|Name=CRMSvc| [x] -> Deleted

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \visualize_food -- C:\Users\Minjung\AppData\Local\Sourcing.exe (rnfanvlu) -> Deleted
[Suspicious.Path] \visualize_foodvisualize_food -- C:\Users\Minjung\AppData\Local\Sourcing.exe (rnfanvlu) -> Deleted

¤¤¤ Files : 2 ¤¤¤
[PUP.HackTool][Folder] C:\Windows\AutoKMS -> Deleted
[Root.Wajam][File] C:\Windows\System32\drivers\b54f1e3194e570209494dc3046f9463a.sys -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: LITEON L8H-128V2G +++++
--- User ---
[MBR] 5aef40578600422a06b842a9ae851aa2
[BSP] 980fe462507a6040b4abe904a693c5ba : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1638400 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1900544 | Size: 96453 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 199438336 | Size: 853 MB
5 - [SYSTEM][MAN-MOUNT] ??????a | Offset (sectors): 201185280 | Size: 22845 MB
6 - [SYSTEM][MAN-MOUNT] ????? | Offset (sectors): 247971840 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 083A USB Device +++++
--- User ---
[MBR] c72ea0df714e416372cd7f3d0afa8e23
[BSP] a0ab8c1b58bc1f47fe98bbadde0b5e3e : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907696 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Aura Posted May 21, 2018 ID:1244760

Good. Now please run a new scan with FRST and provide me a fresh set of logs. I'll look for remnants.
espingla Posted May 21, 2018 Author ID:1244761

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Minjung (administrator) on MINJUNG (20-05-2018 21:45:26)
Running from C:\Users\Minjung\Desktop
Loaded Profiles: Minjung (Available Profiles: Minjung)
Platform: Windows 10 Home Version 1709 16299.431 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe
(Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
() C:\ProgramData\Samsung\SecIntelGfxPatch.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe
(DEVGURU Co., LTD.) 
C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (Samsung) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes) C:\Users\Minjung\Desktop\AdwCleaner.exe (SAMSUNG Electronics co., LTD.) C:\ProgramData\Samsung\ShutdownEvent.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ColorEngine\ColorEngine.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Interezen. Co., Ltd.) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Windows\System32\igfxext.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\ui\updateui.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Kakao) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-21] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-12-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.) HKLM\...\Run: [Grandiloquent] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKLM\...\Run: [Lawry] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKLM\...\Run: [Monkeys] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-06-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-06-26] (Adobe Systems Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975760 2015-11-03] (Cisco Systems, Inc.) HKLM-x32\...\Run: [ipinside-lws] => C:\Program Files (x86)\IPinside_LWS\I3GProc.exe [269088 2017-12-13] (Interezen. Co., Ltd.) 
HKLM-x32\...\Run: [Brasher] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKLM-x32\...\Run: [Charges] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKLM-x32\...\Run: [Charlie] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [BitTorrent] => C:\Users\Minjung\AppData\Roaming\BitTorrent\BitTorrent.exe [1979080 2016-10-05] (BitTorrent Inc.) HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.) HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [9663264 2018-03-29] (Kakao Corp. ) HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Newsgroups] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Migratory] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Shipment] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Bannockburn] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Front] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Gammell] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [nco] => "C:\Program Files (x86)\sonnet\nco.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [stephane] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu 
HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\RunOnce: [Application Restart #4] => C:\ProgramData\Samsung\ShutdownEvent.exe [2335744 2014-10-14] (SAMSUNG Electronics co., LTD.) Startup: C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\balletic.lnk [2018-05-20] ShortcutTarget: balletic.lnk -> C:\Program Files (x86)\Crickets\Harder.exe (No File) Startup: C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\balleticballetic.lnk [2018-05-20] ShortcutTarget: balleticballetic.lnk -> C:\Program Files (x86)\venturer\Sourcing.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 18.71.0.151 18.70.0.160 18.72.0.3 Tcpip\..\Interfaces\{95ff8b2b-7c8d-4b64-ba81-042394ff83f8}: [DhcpNameServer] 18.71.0.151 18.70.0.160 18.72.0.3 Tcpip\..\Interfaces\{cbd34353-9567-482c-afc6-1fc877f4932e}: [DhcpNameServer] 210.220.163.82 219.250.36.130 Internet Explorer: ================== HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2018-02-15] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll 
[2017-09-12] (Microsoft Corporation) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-06-26] (Adobe Systems Incorporated) DPF: HKLM {142DC14B-63E4-453e-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab DPF: HKLM-x32 {142DC14B-63E4-453e-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2018-02-15] (Microsoft Corporation) Handler-x32: touchenex - {4a20e600-8604-11e6-a5d1-005056c00008} - C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\CrossEXProtocol.dll [2016-09-29] (iniLINE Co., Ltd.) 
FireFox: ======== FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-08-07] [Legacy] [not signed] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll [No File] FF Plugin-x32: @ahnlab.com/asp/npmkd25sp -> C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [No File] FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-04] (Intel Corporation) FF Plugin-x32: @interezen.co.kr/npi3gmanager -> C:\Program Files (x86)\Interezen\Plugins\NPI3GManager.dll [2015-11-08] (Interezen (c) Interezen.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-14] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-06-26] (Adobe Systems Inc.) 
FF Plugin-x32: touchenex@raon.com/npCrossEXPlugin -> C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.981\npraontouchenex.dll [2016-09-29] (iniLINE Co., Ltd.) FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Minjung\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File] FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Minjung\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File] FF Plugin HKU\S-1-5-21-366476898-4255595637-1063196365-1001: @ahnlab.com/asp/npmkd25sp -> C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [No File] FF Plugin HKU\S-1-5-21-366476898-4255595637-1063196365-1001: @iniline.com/npCrossWeb -> C:\Users\Minjung\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B}\plugins\npCrossWeb.dll [No File] FF Plugin HKU\S-1-5-21-366476898-4255595637-1063196365-1001: @naver.com/npNLiveCast -> C:\Users\Minjung\AppData\Roaming\Mozilla\Plugins\NPNLiveCast.dll [2018-02-09] (NAVER Corp.) FF Plugin HKU\S-1-5-21-366476898-4255595637-1063196365-1001: @naver.com/npNLiveCast64 -> C:\Users\Minjung\AppData\Roaming\Mozilla\Plugins\NPNLiveCast64.dll [2018-02-09] (NAVER Corp.) FF Plugin ProgramFiles/Appdata: C:\Users\Minjung\AppData\Roaming\mozilla\plugins\NPNLiveCast.dll [2018-02-09] (NAVER Corp.) FF Plugin ProgramFiles/Appdata: C:\Users\Minjung\AppData\Roaming\mozilla\plugins\npNLiveCast64.dll [2018-02-09] (NAVER Corp.) 
Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch CHR Profile: C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default [2018-05-20] CHR Extension: (Slides) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13] CHR Extension: (Docs) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13] CHR Extension: (Google Drive) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27] CHR Extension: (Google Search) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (TouchEn PC보안 확장) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\dncepekefegjiljlfbihljgogephdhph [2018-02-03] CHR Extension: (Sheets) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13] CHR Extension: (Google Docs Offline) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2018-05-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04] CHR Extension: (네이버 동영상 플러그인) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooadnieabchijkibjpeieeliohjidnjj [2018-04-20] CHR Extension: (Hola - Unlimited Proxy VPN) - C:\Users\Minjung\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl [2016-03-15] CHR Extension: (Gmail) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-11] CHR Extension: (Chrome Media Router) - C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-03] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AllShare Framework DMS; C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkManagerDMS.exe [403264 2015-01-26] (Samsung) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-12-04] (ELAN Microelectronics Corp.) R2 I3GMainSvc; C:\Program Files (x86)\IPinside_LWS\I3GMainSvc.exe [240440 2017-12-13] (Interezen. Co., Ltd.) 
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2017-02-09] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-11-04] (Intel Corporation) R3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-08] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-04] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1743272 2018-04-05] (INCA Internet Co., Ltd.) R2 osrss; C:\WINDOWS\system32\osrss.dll [108584 2018-01-23] (Microsoft Corporation) R2 SamsungLinkService; C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe [23895392 2015-01-26] (Samsung Electronics CO., LTD.) R2 SecIntelGfxPatch; C:\ProgramData\Samsung\SecIntelGfxPatch.exe [128832 2015-03-13] () R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1777984 2015-01-19] (Samsung Electronics CO., LTD.) R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3025248 2015-07-07] (Samsung Electronics CO., LTD.) 
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-26] (Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-26] (Microsoft Corporation) S2 ALUpdateService; "C:\Program Files (x86)\ESTsoft\ALUpdate\eausvc.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 143674AF; C:\WINDOWS\system32\drivers\143674AF.sys [255928 2018-05-20] (Malwarebytes) S3 AhnFlt2K; C:\WINDOWS\system32\drivers\AhnFlt2K.sys [82248 2015-01-20] (AhnLab, Inc.) R2 AMonCDW8; C:\WINDOWS\system32\Drivers\AMonCDW8.sys [194288 2015-09-14] (AhnLab, Inc.) S3 Cdm2DrNt; C:\WINDOWS\system32\Drivers\Cdm2DrNt.sys [98216 2014-09-16] (AhnLab, Inc.) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-30] (Symantec Corporation) S3 EraserUtilDrv11511; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [153936 2015-07-27] (Symantec Corporation) S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-05] (Symantec Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes) R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32328 2015-09-21] (ELAN Microelectronic Corp.) S3 HSBDrv64; C:\WINDOWS\System32\drivers\HSBDrv64.sys [130216 2015-07-02] (AhnLab, Inc.) S3 JRSKD24; C:\WINDOWS\system32\JRSKD24.SYS [38744 2018-01-14] (RaonSecure Co., Ltd.) 
S3 kck64; C:\WINDOWS\system32\kck64.sys [101152 2016-01-06] (Kings Information & Network) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-05-20] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-20] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-20] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-20] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-05-20] (Malwarebytes) R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-04] (Intel Corporation) S3 Mkd2Bthf; C:\WINDOWS\System32\drivers\Mkd2Bthf.sys [106488 2015-05-29] (AhnLab, Inc.) S3 Mkd2Nadr; C:\WINDOWS\System32\drivers\Mkd2Nadr.sys [138952 2015-08-07] (AhnLab, Inc.) S3 Mkd3kfNt; C:\WINDOWS\System32\drivers\Mkd3kfNt.sys [183416 2015-08-07] (AhnLab, Inc.) R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [49424 2015-08-29] (SoftEther Corporation) R3 noskp; C:\WINDOWS\syswow64\noskp64.sys [48984 2018-04-04] (INCA Internet Co.,Ltd.) S3 nosku; C:\WINDOWS\syswow64\nosku64.sys [58896 2018-04-05] (INCA Internet Co.,Ltd.) R3 np_ck64s; C:\WINDOWS\syswow64\np_ck64s.sys [75680 2018-04-05] (INCA Internet Co.,Ltd.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation) R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [57608 2015-08-29] (SoftEther Corporation) S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-10-13] (DEVGURU Co., LTD.) R3 TKCtrl; C:\WINDOWS\system32\TKCtrl2k64.sys [147240 2018-04-05] (INCA Internet Co., Ltd.) R3 TKCtrl; C:\WINDOWS\SysWOW64\TKCtrl2k64.sys [147240 2018-04-05] (INCA Internet Co., Ltd.) R3 TKFsAvM; C:\WINDOWS\system32\TKFsAv64.sys [198808 2018-04-05] (INCA Internet Co., Ltd.) 
R3 TKFsAvM; C:\WINDOWS\SysWOW64\TKFsAv64.sys [198808 2018-04-05] (INCA Internet Co., Ltd.) R3 TKFsFtM; C:\WINDOWS\system32\TKFsFt64.sys [28824 2018-04-05] (INCA Internet Co., Ltd.) R3 TKFsFtM; C:\WINDOWS\SysWOW64\TKFsFt64.sys [28824 2018-04-05] (INCA Internet Co., Ltd.) R3 TKPcFt; C:\WINDOWS\system32\TKPcFtCb64.sys [54504 2018-04-05] (INCA Internet Co., Ltd.) R3 TKPcFt; C:\WINDOWS\SysWOW64\TKPcFtCb64.sys [54504 2018-04-05] (INCA Internet Co., Ltd.) R3 TKRgAc; C:\WINDOWS\system32\TKRgAc2k64.sys [115760 2018-04-05] (INCA Internet Co., Ltd.) R3 TKRgAc; C:\WINDOWS\SysWOW64\TKRgAc2k64.sys [115760 2018-04-05] (INCA Internet Co., Ltd.) R3 TKRgFt; C:\WINDOWS\system32\TKRgFtXp64.sys [68968 2018-04-05] (INCA Internet Co., Ltd.) R3 TKRgFt; C:\WINDOWS\SysWOW64\TKRgFtXp64.sys [68968 2018-04-05] (INCA Internet Co., Ltd.) S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-04-20] (Cisco Systems, Inc.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-26] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-26] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-26] (Microsoft Corporation) S4 npvcroag; System32\drivers\avrougke.sys [X] S1 tcprguik; \??\C:\WINDOWS\system32\drivers\tcprguik.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2018-05-20 20:16 - 2018-05-20 21:45 - 000000000 ____D C:\ProgramData\RogueKiller 2018-05-20 20:16 - 2018-05-20 20:16 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2018-05-20 20:16 - 2018-05-14 09:51 - 027045960 _____ (Adlice Software) C:\Users\Minjung\Desktop\RogueKiller64.exe 2018-05-20 20:15 - 2018-05-20 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2018-05-20 20:15 - 2018-05-20 20:15 - 000000000 ____D C:\Program Files\RogueKiller 2018-05-20 20:14 - 2018-05-20 20:14 - 036678264 _____ (Adlice Software ) C:\Users\Minjung\Desktop\RogueKiller_setup.exe 2018-05-20 20:08 - 2018-05-20 20:09 - 007271632 _____ (Malwarebytes) C:\Users\Minjung\Desktop\AdwCleaner.exe 2018-05-20 19:46 - 2018-05-20 20:13 - 000000000 ____D C:\Users\Minjung\AppData\LocalLow\BitTorrent 2018-05-20 18:20 - 2018-05-20 18:20 - 000000000 ____D C:\Users\Minjung\AppData\Local\mbolpre 2018-05-20 17:10 - 2018-05-20 17:10 - 000000000 ____D C:\Users\Minjung\AppData\Local\msaolwk 2018-05-20 17:09 - 2018-05-20 18:21 - 000000000 ____D C:\WINDOWS\Panther 2018-05-20 16:17 - 2018-05-20 16:18 - 000090841 _____ C:\Users\Minjung\Desktop\Addition.txt 2018-05-20 16:16 - 2018-05-20 21:46 - 000026934 _____ C:\Users\Minjung\Desktop\FRST.txt 2018-05-20 16:13 - 2018-05-20 16:13 - 000000774 _____ C:\Users\Minjung\Desktop\Fixlog.txt 2018-05-20 16:01 - 2018-05-20 21:45 - 000000000 ____D C:\FRST 2018-05-20 16:00 - 2018-05-20 16:00 - 002413056 _____ (Farbar) C:\Users\Minjung\Desktop\FRST64.exe 2018-05-20 14:00 - 2018-05-20 21:42 - 000000000 ____D C:\Users\Minjung\Desktop\New folder 2018-05-20 13:50 - 2018-05-20 13:50 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-05-20 13:50 - 2018-05-20 13:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-05-20 13:49 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2018-05-20 11:59 - 2018-05-20 11:59 - 000000000 ____D 
C:\Users\Minjung\AppData\Local\wdenmkx
2018-05-20 11:23 - 2018-05-20 11:23 - 000000000 ____D C:\Users\Minjung\AppData\Local\zadxhlv
2018-05-20 10:52 - 2018-05-20 10:52 - 000000000 ____D C:\Users\Minjung\AppData\Local\comskue
2018-05-20 04:06 - 2018-05-20 04:06 - 000000000 ____D C:\Users\Minjung\AppData\Local\exbgasi
2018-05-20 03:51 - 2018-05-20 11:02 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\143674AF.sys
2018-05-20 03:51 - 2018-05-20 03:51 - 000000000 ____D C:\Users\Minjung\AppData\Local\msdgtcw
2018-05-20 03:45 - 2018-05-20 03:45 - 000000000 ____D C:\Users\Minjung\AppData\Local\pwsingz
2018-05-20 03:24 - 2018-05-20 03:24 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2C4671BD.sys
2018-05-20 03:23 - 2018-05-20 11:57 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-05-20 03:23 - 2018-05-20 11:20 - 000000000 ____D C:\Users\Minjung\Desktop\mbar
2018-05-20 02:56 - 2018-05-20 02:56 - 000000000 ____D C:\Users\Minjung\AppData\Local\schtbdk
2018-05-20 02:52 - 2018-05-20 02:53 - 000000000 ____D C:\AdwCleaner
2018-05-20 02:50 - 2018-05-20 10:52 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-20 02:50 - 2018-05-20 02:50 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-20 02:42 - 2018-05-20 02:42 - 000000000 ____D C:\Users\Minjung\AppData\Local\lmhxakt
2018-05-20 02:30 - 2018-05-20 20:12 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-20 02:30 - 2018-05-20 20:12 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-20 02:30 - 2018-05-20 20:12 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-20 02:30 - 2018-05-20 13:50 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-20 02:29 - 2018-05-20 20:12 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-20 02:29 - 2018-05-20 13:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-20 02:29 - 2018-05-20 02:29 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-20 02:22 - 2018-05-20 02:22 - 000000000 ____D C:\Users\Minjung\AppData\Local\cgrmiew
2018-05-20 02:20 - 2018-05-20 02:20 - 000000000 ____D C:\Users\Minjung\AppData\Local\CEF
2018-05-20 01:58 - 2018-05-20 01:58 - 000000001 _____ C:\fhioq822ebnx98b
2018-05-20 01:52 - 2018-05-20 01:52 - 000000000 ____D C:\Users\Minjung\AppData\Local\pcogutx
2018-05-20 01:20 - 2018-05-20 19:53 - 000000000 ____D C:\Users\Minjung\AppData\Local\wmcagent
2018-05-20 01:20 - 2018-05-20 17:44 - 000000000 ____D C:\Users\Minjung\AppData\Local\vsmknbe
2018-05-20 01:12 - 2018-05-20 23:05 - 000000000 ____D C:\Users\Minjung\AppData\Local\dsbhcez
2018-05-20 01:11 - 2018-05-20 18:19 - 002888704 _____ C:\WINDOWS\system32\vdeaoczsvc.exe
2018-05-20 01:11 - 2018-05-20 01:11 - 000000000 ____D C:\WINDOWS\SysWOW64\rarmcou
2018-05-20 01:11 - 2018-05-20 01:11 - 000000000 ____D C:\WINDOWS\system32\rarmcou
2018-05-20 01:10 - 2018-05-20 01:10 - 000000000 ____D C:\Users\Minjung\AppData\Roaming\et
2018-05-20 01:09 - 2018-05-20 01:09 - 000003854 _____ C:\WINDOWS\System32\Tasks\kickback-crossbars
2018-05-20 01:09 - 2018-05-20 01:09 - 000003852 _____ C:\WINDOWS\System32\Tasks\roofing
2018-05-20 01:09 - 2018-05-20 01:09 - 000003850 _____ C:\WINDOWS\System32\Tasks\stenographers
2018-05-20 01:09 - 2018-05-20 01:09 - 000003846 _____ C:\WINDOWS\System32\Tasks\opa maliciously
2018-05-20 01:09 - 2018-05-20 01:09 - 000003840 _____ C:\WINDOWS\System32\Tasks\billowed_whale
2018-05-20 01:09 - 2018-05-20 01:09 - 000003830 _____ C:\WINDOWS\System32\Tasks\vitiello
2018-05-20 01:09 - 2018-05-20 01:09 - 000003728 _____ C:\WINDOWS\System32\Tasks\kickback-crossbarskickback-crossbars
2018-05-20 01:09 - 2018-05-20 01:09 - 000003714 _____ C:\WINDOWS\System32\Tasks\opa maliciouslyopa maliciously
2018-05-20 01:09 - 2018-05-20 01:09 - 000003712 _____ C:\WINDOWS\System32\Tasks\stenographersstenographers
2018-05-20 01:09 - 2018-05-20 01:09 - 000003706 _____ C:\WINDOWS\System32\Tasks\billowed_whalebillowed_whale
2018-05-20 01:09 - 2018-05-20 01:09 - 000003704 _____ C:\WINDOWS\System32\Tasks\roofingroofing
2018-05-20 01:09 - 2018-05-20 01:09 - 000003684 _____ C:\WINDOWS\System32\Tasks\vitiellovitiello
2018-05-20 01:09 - 2018-05-20 01:09 - 000000012 _____ C:\WINDOWS\b47064577
2018-05-20 01:08 - 2018-05-20 01:08 - 001370624 _____ C:\WINDOWS\spdysrybqdrzztls.spdy
2018-05-20 00:38 - 2018-05-20 00:38 - 000043008 _____ C:\WINDOWS\paint.exe
2018-05-19 08:13 - 2018-05-19 08:13 - 000041220 _____ C:\WINDOWS\uninstaller.dat
2018-05-14 22:48 - 2018-05-14 22:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-14 07:45 - 2018-05-14 07:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-14 07:45 - 2018-05-14 07:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 07:45 - 2018-05-14 07:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 07:45 - 2018-05-14 07:45 - 000045640 _____ (Dropbox, Inc.)
C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-13 20:46 - 2018-04-15 16:08 - 000262656 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2018-05-13 20:46 - 2018-04-15 16:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll 2018-05-13 20:46 - 2018-04-15 16:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2018-05-13 20:46 - 2018-04-15 16:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll 
2018-05-13 20:46 - 2018-04-15 16:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2018-05-13 20:46 - 2018-04-15 16:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2018-05-13 20:46 - 2018-04-15 16:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll 2018-05-13 20:46 - 2018-04-15 16:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2018-05-13 20:46 - 2018-04-15 16:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2018-05-13 20:46 - 2018-04-15 16:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll 2018-05-13 20:46 - 2018-04-15 16:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-05-13 20:46 - 2018-04-15 16:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2018-05-13 20:46 - 2018-04-15 16:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2018-05-13 20:46 - 2018-04-15 16:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2018-05-13 20:46 - 2018-04-15 16:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll 2018-05-13 20:46 - 2018-04-15 16:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll 2018-05-13 20:46 - 2018-04-15 16:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2018-05-13 20:46 - 2018-04-15 16:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll 2018-05-13 20:46 - 2018-04-15 16:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2018-05-13 20:46 - 2018-04-15 16:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2018-05-13 20:46 - 2018-04-15 16:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2018-05-13 20:46 - 
2018-04-15 16:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2018-05-13 20:46 - 2018-04-15 16:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2018-05-13 20:46 - 2018-04-15 16:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2018-05-13 20:46 - 2018-04-15 16:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2018-05-13 20:46 - 2018-04-15 16:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll 2018-05-13 20:46 - 2018-04-15 16:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2018-05-13 20:46 - 2018-04-15 16:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe 2018-05-13 20:46 - 2018-04-15 16:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2018-05-13 20:46 - 2018-04-15 16:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2018-05-13 20:46 - 2018-04-15 16:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2018-05-13 20:46 - 2018-04-15 16:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll 2018-05-13 20:46 - 2018-04-15 16:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2018-05-13 20:46 - 2018-04-15 16:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll 2018-05-13 20:46 - 2018-04-15 16:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2018-05-13 20:46 - 2018-04-15 16:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2018-05-13 20:46 - 2018-04-15 16:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe 2018-05-13 20:46 - 2018-04-15 15:59 - 001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll 2018-05-13 20:46 - 2018-04-15 15:59 - 000971264 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2018-05-13 20:46 - 2018-04-15 15:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll 2018-05-13 20:46 - 2018-04-15 15:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2018-05-13 20:46 - 2017-11-26 09:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2018-05-07 22:12 - 2018-05-07 22:12 - 000000000 ____D C:\Users\Minjung\Documents\KakaoTalk Downloads 2018-05-07 22:08 - 2018-05-07 22:08 - 000001198 _____ C:\Users\Public\Desktop\KakaoTalk.lnk 2018-05-07 22:08 - 2018-05-07 22:08 - 000000000 ____D C:\Users\Minjung\AppData\Local\Kakao 2018-05-07 22:08 - 2018-05-07 22:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk 2018-05-07 22:07 - 2018-05-07 22:07 - 000000000 ____D C:\Program Files (x86)\Kakao 2018-05-07 21:51 - 2018-05-07 21:51 - 000000000 ____D C:\WINDOWS\PCHEALTH 2018-04-25 09:34 - 2018-05-11 23:10 - 000000000 ____D C:\Users\Minjung\Documents\MATLAB 2018-04-25 04:39 - 2018-04-26 19:06 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-04-25 04:30 - 2018-03-30 01:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2018-04-25 04:30 - 2018-03-30 01:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2018-04-25 04:30 - 2018-03-30 00:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2018-04-25 04:30 - 2018-03-30 00:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2018-04-25 04:30 - 2018-03-30 00:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2018-04-25 04:30 - 2018-03-29 23:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-04-25 04:30 - 2018-03-29 23:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-04-25 04:30 - 2018-03-29 23:40 - 000261632 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\actxprxy.dll 2018-04-25 04:30 - 2018-03-13 02:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2018-04-25 04:30 - 2018-03-13 00:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2018-04-25 04:30 - 2018-03-01 01:51 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2018-04-25 04:30 - 2018-03-01 01:39 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2018-04-25 04:30 - 2018-02-21 22:10 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2018-04-25 04:30 - 2018-02-21 22:02 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys 2018-04-25 04:30 - 2018-02-21 22:00 - 000187296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2018-04-25 04:30 - 2018-02-21 21:51 - 000045472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys 2018-04-25 04:30 - 2018-02-10 02:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2018-04-25 04:30 - 2018-02-10 02:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2018-04-25 04:30 - 2018-02-10 01:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2018-04-25 04:30 - 2018-02-10 01:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2018-04-25 04:30 - 2018-02-10 01:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2018-04-25 04:30 - 2018-02-10 00:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2018-04-25 04:30 - 2018-02-10 00:46 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll 2018-04-25 04:30 - 2018-02-10 00:43 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2018-04-25 04:30 - 2018-02-10 00:42 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2018-04-25 04:30 - 
2018-02-10 00:37 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2018-04-25 04:29 - 2018-03-30 08:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe 2018-04-25 04:29 - 2018-03-30 01:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2018-04-25 04:29 - 2018-03-30 01:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2018-04-25 04:29 - 2018-03-30 01:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys 2018-04-25 04:29 - 2018-03-30 01:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2018-04-25 04:29 - 2018-03-30 00:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2018-04-25 04:29 - 2018-03-30 00:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys 2018-04-25 04:29 - 2018-03-30 00:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2018-04-25 04:29 - 2018-03-30 00:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-04-25 04:29 - 2018-03-30 00:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2018-04-25 04:29 - 2018-03-29 23:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2018-04-25 04:29 - 2018-03-29 23:36 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe 2018-04-25 04:29 - 2018-03-29 23:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-04-25 04:29 - 2018-03-29 23:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys 2018-04-25 04:29 - 2018-03-29 23:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2018-04-25 04:29 - 2018-03-29 23:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2018-04-25 04:29 - 2018-03-29 23:28 - 003121664 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll 2018-04-25 04:29 - 2018-03-29 23:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2018-04-25 04:29 - 2018-03-29 23:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2018-04-25 04:29 - 2018-03-29 23:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2018-04-25 04:29 - 2018-03-29 23:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2018-04-25 04:29 - 2018-03-29 23:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2018-04-25 04:29 - 2018-03-29 23:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2018-04-25 04:29 - 2018-03-29 23:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2018-04-25 04:29 - 2018-03-29 23:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2018-04-25 04:29 - 2018-03-29 23:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2018-04-25 04:29 - 2018-03-28 15:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2018-04-25 04:29 - 2018-03-13 03:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2018-04-25 04:29 - 2018-03-13 02:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2018-04-25 04:29 - 2018-03-13 01:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2018-04-25 04:29 - 2018-03-13 01:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2018-04-25 04:29 - 2018-03-13 01:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2018-04-25 04:29 - 2018-03-13 01:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2018-04-25 04:29 - 2018-03-13 01:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2018-04-25 04:29 - 2018-03-13 01:33 - 
001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2018-04-25 04:29 - 2018-03-13 01:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2018-04-25 04:29 - 2018-03-13 01:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2018-04-25 04:29 - 2018-03-13 01:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2018-04-25 04:29 - 2018-03-13 01:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2018-04-25 04:29 - 2018-03-13 01:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2018-04-25 04:29 - 2018-03-13 01:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2018-04-25 04:29 - 2018-03-13 01:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2018-04-25 04:29 - 2018-03-13 01:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2018-04-25 04:29 - 2018-03-13 01:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2018-04-25 04:29 - 2018-03-13 01:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2018-04-25 04:29 - 2018-03-13 00:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2018-04-25 04:29 - 2018-03-01 23:36 - 017085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2018-04-25 04:29 - 2018-03-01 03:37 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2018-04-25 04:29 - 2018-03-01 03:30 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2018-04-25 04:29 - 2018-03-01 03:29 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2018-04-25 04:29 - 2018-03-01 03:17 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2018-04-25 04:29 - 2018-03-01 03:14 - 001694224 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\winmde.dll 2018-04-25 04:29 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2018-04-25 04:29 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2018-04-25 04:29 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2018-04-25 04:29 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll 2018-04-25 04:29 - 2018-03-01 01:49 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-04-25 04:29 - 2018-03-01 01:48 - 000543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll 2018-04-25 04:29 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2018-04-25 04:29 - 2018-03-01 01:46 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2018-04-25 04:29 - 2018-03-01 01:42 - 003505664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll 2018-04-25 04:29 - 2018-03-01 01:40 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2018-04-25 04:29 - 2018-03-01 01:39 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2018-04-25 04:29 - 2018-03-01 01:36 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2018-04-25 04:29 - 2018-02-21 20:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys 2018-04-25 04:29 - 2018-02-10 02:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll 2018-04-25 04:29 - 2018-02-10 02:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll 2018-04-25 04:29 - 2018-02-10 02:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2018-04-25 04:29 - 2018-02-10 02:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2018-04-25 04:29 - 2018-02-10 02:14 - 
001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2018-04-25 04:29 - 2018-02-10 02:12 - 001313016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe 2018-04-25 04:29 - 2018-02-10 02:11 - 001029528 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2018-04-25 04:29 - 2018-02-10 02:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll 2018-04-25 04:29 - 2018-02-10 02:09 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe 2018-04-25 04:29 - 2018-02-10 02:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2018-04-25 04:29 - 2018-02-10 02:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2018-04-25 04:29 - 2018-02-10 02:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2018-04-25 04:29 - 2018-02-10 02:07 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll 2018-04-25 04:29 - 2018-02-10 02:07 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2018-04-25 04:29 - 2018-02-10 02:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2018-04-25 04:29 - 2018-02-10 02:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2018-04-25 04:29 - 2018-02-10 02:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2018-04-25 04:29 - 2018-02-10 02:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2018-04-25 04:29 - 2018-02-10 02:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2018-04-25 04:29 - 2018-02-10 02:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2018-04-25 04:29 - 2018-02-10 02:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2018-04-25 04:29 - 2018-02-10 02:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 
2018-04-25 04:29 - 2018-02-10 02:04 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe 2018-04-25 04:29 - 2018-02-10 02:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2018-04-25 04:29 - 2018-02-10 02:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2018-04-25 04:29 - 2018-02-10 02:03 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2018-04-25 04:29 - 2018-02-10 01:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll 2018-04-25 04:29 - 2018-02-10 01:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2018-04-25 04:29 - 2018-02-10 01:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2018-04-25 04:29 - 2018-02-10 01:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe 2018-04-25 04:29 - 2018-02-10 01:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2018-04-25 04:29 - 2018-02-10 01:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2018-04-25 04:29 - 2018-02-10 01:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2018-04-25 04:29 - 2018-02-10 01:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2018-04-25 04:29 - 2018-02-10 01:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2018-04-25 04:29 - 2018-02-10 01:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll 2018-04-25 04:29 - 2018-02-10 01:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2018-04-25 04:29 - 2018-02-10 01:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2018-04-25 04:29 - 2018-02-10 01:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2018-04-25 04:29 - 2018-02-10 00:50 - 001313792 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2018-04-25 04:29 - 2018-02-10 00:50 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2018-04-25 04:29 - 2018-02-10 00:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2018-04-25 04:29 - 2018-02-10 00:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2018-04-25 04:29 - 2018-02-10 00:45 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2018-04-25 04:29 - 2018-02-10 00:45 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2018-04-25 04:29 - 2018-02-10 00:43 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-04-25 04:29 - 2018-02-10 00:42 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2018-04-25 04:29 - 2018-02-10 00:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2018-04-25 04:29 - 2018-02-10 00:41 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-04-25 04:29 - 2018-02-10 00:40 - 004498432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2018-04-25 04:29 - 2018-02-10 00:40 - 001234432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll 2018-04-25 04:29 - 2018-02-10 00:40 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2018-04-25 04:29 - 2018-02-10 00:40 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2018-04-25 04:29 - 2018-02-10 00:39 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2018-04-25 04:29 - 2018-02-10 00:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2018-04-25 04:29 - 2018-02-10 00:38 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2018-04-25 04:29 - 2018-02-10 00:38 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 
2018-04-25 04:29 - 2018-02-10 00:37 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2018-04-25 04:29 - 2018-02-10 00:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2018-04-25 04:29 - 2018-02-10 00:37 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2018-04-25 04:29 - 2018-02-10 00:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2018-04-25 04:29 - 2018-02-10 00:36 - 001759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2018-04-25 04:29 - 2018-02-10 00:36 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2018-04-25 04:29 - 2018-02-10 00:35 - 000943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2018-04-25 04:29 - 2018-02-10 00:35 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2018-04-25 04:29 - 2018-02-10 00:35 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2018-04-25 04:29 - 2018-02-10 00:34 - 002983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll 2018-04-25 04:29 - 2018-02-10 00:33 - 001936384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe 2018-04-25 04:29 - 2018-02-10 00:33 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2018-04-25 04:29 - 2018-02-10 00:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2018-04-25 04:29 - 2018-02-10 00:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2018-04-25 04:29 - 2018-02-10 00:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll 2018-04-25 04:29 - 2018-02-10 00:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe 2018-04-25 04:29 - 2018-02-10 00:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2018-04-25 04:28 - 2018-03-13 00:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2018-04-25 04:28 - 2018-03-13 00:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2018-04-25 04:28 - 2018-03-13 00:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2018-04-25 04:28 - 2018-03-13 00:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2018-04-25 04:28 - 2018-03-13 00:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll 2018-04-25 04:28 - 2018-03-13 00:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2018-04-25 04:28 - 2018-03-13 00:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2018-04-25 04:28 - 2018-03-13 00:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll 2018-04-25 04:28 - 2018-03-13 00:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2018-04-25 04:28 - 2018-03-13 00:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll 2018-04-25 04:28 - 2018-03-01 23:02 - 000037888 _____ C:\WINDOWS\system32\SpectrumSyncClient.dll 2018-04-25 04:28 - 2018-03-01 23:01 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2018-04-25 04:28 - 2018-03-01 23:00 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Feedback.Analog.dll 2018-04-25 04:28 - 2018-03-01 23:00 - 000248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\svf.dll 2018-04-25 04:28 - 2018-03-01 23:00 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll 2018-04-25 04:28 - 2018-03-01 16:28 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll 2018-04-25 04:28 - 2018-03-01 03:19 - 000710768 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\MSVideoDSP.dll 2018-04-25 04:28 - 2018-03-01 03:14 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll 2018-04-25 04:28 - 2018-03-01 03:12 - 000250264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2018-04-25 04:28 - 2018-03-01 03:12 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll 2018-04-25 04:28 - 2018-03-01 03:11 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2018-04-25 04:28 - 2018-03-01 03:10 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll 2018-04-25 04:28 - 2018-03-01 03:10 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys 2018-04-25 04:28 - 2018-03-01 02:29 - 000574960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-04-25 04:28 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2018-04-25 04:28 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthFWSnapin.dll 2018-04-25 04:28 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2018-04-25 04:28 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll 2018-04-25 04:28 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll 2018-04-25 04:28 - 2018-03-01 01:53 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2018-04-25 04:28 - 2018-03-01 01:53 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll 2018-04-25 04:28 - 2018-03-01 01:53 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2018-04-25 04:28 - 2018-03-01 01:53 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\UsoClient.exe 2018-04-25 04:28 - 2018-03-01 01:49 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2018-04-25 04:28 - 
2018-03-01 01:47 - 000579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll 2018-04-25 04:28 - 2018-03-01 01:47 - 000484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll 2018-04-25 04:28 - 2018-03-01 01:39 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll 2018-04-25 04:28 - 2018-02-21 22:07 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys 2018-04-25 04:28 - 2018-02-21 21:52 - 000103328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2018-04-25 04:28 - 2018-02-21 21:51 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys 2018-04-25 04:28 - 2018-02-21 21:50 - 000229272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-04-25 04:28 - 2018-02-21 20:30 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2018-04-25 04:28 - 2018-02-21 20:27 - 001282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2018-04-25 04:28 - 2018-02-21 20:25 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2018-04-25 04:28 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2018-04-25 04:28 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2018-04-25 04:28 - 2018-02-10 02:18 - 000098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe 2018-04-25 04:28 - 2018-02-10 02:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2018-04-25 04:28 - 2018-02-10 02:10 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2018-04-25 04:28 - 2018-02-10 02:09 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2018-04-25 04:28 - 2018-02-10 02:08 - 000398824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2018-04-25 04:28 - 2018-02-10 02:08 - 000096200 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll 2018-04-25 04:28 - 2018-02-10 02:06 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2018-04-25 04:28 - 2018-02-10 02:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll 2018-04-25 04:28 - 2018-02-10 02:05 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2018-04-25 04:28 - 2018-02-10 02:04 - 000339872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2018-04-25 04:28 - 2018-02-10 02:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2018-04-25 04:28 - 2018-02-10 02:04 - 000212880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2018-04-25 04:28 - 2018-02-10 02:03 - 000849304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2018-04-25 04:28 - 2018-02-10 02:03 - 000706600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2018-04-25 04:28 - 2018-02-10 02:03 - 000098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll 2018-04-25 04:28 - 2018-02-10 02:02 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll 2018-04-25 04:28 - 2018-02-10 01:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll 2018-04-25 04:28 - 2018-02-10 01:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2018-04-25 04:28 - 2018-02-10 01:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2018-04-25 04:28 - 2018-02-10 01:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2018-04-25 04:28 - 2018-02-10 01:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll 2018-04-25 04:28 - 2018-02-10 01:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll 2018-04-25 
04:28 - 2018-02-10 01:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2018-04-25 04:28 - 2018-02-10 01:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2018-04-25 04:28 - 2018-02-10 01:05 - 000551672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2018-04-25 04:28 - 2018-02-10 01:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2018-04-25 04:28 - 2018-02-10 01:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2018-04-25 04:28 - 2018-02-10 01:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2018-04-25 04:28 - 2018-02-10 01:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll 2018-04-25 04:28 - 2018-02-10 01:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll 2018-04-25 04:28 - 2018-02-10 01:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll 2018-04-25 04:28 - 2018-02-10 00:49 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2018-04-25 04:28 - 2018-02-10 00:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys 2018-04-25 04:28 - 2018-02-10 00:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys 2018-04-25 04:28 - 2018-02-10 00:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll 2018-04-25 04:28 - 2018-02-10 00:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll 2018-04-25 04:28 - 2018-02-10 00:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2018-04-25 04:28 - 2018-02-10 00:46 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll 2018-04-25 04:28 - 2018-02-10 00:46 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll 2018-04-25 04:28 - 
2018-02-10 00:46 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll 2018-04-25 04:28 - 2018-02-10 00:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe 2018-04-25 04:28 - 2018-02-10 00:46 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2018-04-25 04:28 - 2018-02-10 00:45 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2018-04-25 04:28 - 2018-02-10 00:45 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll 2018-04-25 04:28 - 2018-02-10 00:45 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll 2018-04-25 04:28 - 2018-02-10 00:45 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll 2018-04-25 04:28 - 2018-02-10 00:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll 2018-04-25 04:28 - 2018-02-10 00:44 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2018-04-25 04:28 - 2018-02-10 00:44 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll 2018-04-25 04:28 - 2018-02-10 00:44 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2018-04-25 04:28 - 2018-02-10 00:44 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll 2018-04-25 04:28 - 2018-02-10 00:44 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 2018-04-25 04:28 - 2018-02-10 00:44 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2018-04-25 04:28 - 2018-02-10 00:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 003756032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000566272 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\DevicePairing.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll 2018-04-25 04:28 - 2018-02-10 00:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 001113600 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2018-04-25 04:28 - 2018-02-10 00:42 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2018-04-25 04:28 - 2018-02-10 00:42 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000160256 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll 2018-04-25 04:28 - 2018-02-10 00:42 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe 2018-04-25 04:28 - 2018-02-10 00:41 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2018-04-25 04:28 - 2018-02-10 00:41 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll 2018-04-25 04:28 - 2018-02-10 00:41 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2018-04-25 04:28 - 2018-02-10 00:41 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2018-04-25 04:28 - 2018-02-10 00:41 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll 2018-04-25 04:28 - 2018-02-10 00:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll 2018-04-25 04:28 - 2018-02-10 00:41 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll 2018-04-25 04:28 - 2018-02-10 00:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2018-04-25 04:28 - 2018-02-10 00:40 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 
000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2018-04-25 04:28 - 2018-02-10 00:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2018-04-25 04:28 - 2018-02-10 00:40 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll 2018-04-25 04:28 - 2018-02-10 00:40 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2018-04-25 04:28 - 2018-02-10 00:39 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2018-04-25 04:28 - 2018-02-10 00:39 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll 2018-04-25 04:28 - 2018-02-10 00:39 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2018-04-25 04:28 - 2018-02-10 00:39 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll 2018-04-25 04:28 - 2018-02-10 00:39 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2018-04-25 04:28 - 2018-02-10 00:39 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2018-04-25 04:28 - 2018-02-10 00:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysdm.cpl 2018-04-25 04:28 - 2018-02-10 00:39 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe 2018-04-25 04:28 - 2018-02-10 00:38 - 006722560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2018-04-25 04:28 - 2018-02-10 00:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2018-04-25 04:28 - 2018-02-10 00:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll 2018-04-25 04:28 - 2018-02-10 00:38 - 
000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2018-04-25 04:28 - 2018-02-10 00:38 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll 2018-04-25 04:28 - 2018-02-10 00:37 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll 2018-04-25 04:28 - 2018-02-10 00:37 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2018-04-25 04:28 - 2018-02-10 00:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2018-04-25 04:28 - 2018-02-10 00:36 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll 2018-04-25 04:28 - 2018-02-10 00:36 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll 2018-04-25 04:28 - 2018-02-10 00:35 - 005388800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2018-04-25 04:28 - 2018-02-10 00:35 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2018-04-25 04:28 - 2018-02-10 00:35 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll 2018-04-25 04:28 - 2018-02-10 00:35 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2018-04-25 04:28 - 2018-02-10 00:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2018-04-25 04:28 - 2018-02-10 00:35 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll 2018-04-25 04:28 - 2018-02-10 00:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2018-04-25 04:28 - 2018-02-10 00:34 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL 2018-04-25 04:28 - 2018-02-10 00:34 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL 2018-04-25 04:28 - 2018-02-10 00:34 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll 2018-04-25 04:28 - 2018-02-10 00:33 - 001661440 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\vssapi.dll 2018-04-25 04:28 - 2018-02-10 00:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2018-04-25 04:28 - 2018-02-10 00:33 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2018-04-25 04:28 - 2018-02-10 00:33 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll 2018-04-25 04:28 - 2018-02-10 00:33 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2018-04-25 04:28 - 2018-02-10 00:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL 2018-04-25 04:28 - 2018-02-10 00:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL 2018-04-25 04:28 - 2018-02-10 00:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll 2018-04-25 04:28 - 2018-02-10 00:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll 2018-04-25 04:28 - 2018-02-09 22:59 - 000804240 _____ C:\WINDOWS\SysWOW64\locale.nls 2018-04-25 04:28 - 2018-02-09 22:59 - 000804240 _____ C:\WINDOWS\system32\locale.nls 2018-04-25 04:28 - 2018-02-08 23:35 - 001234888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll 2018-04-25 04:28 - 2018-02-08 23:35 - 001002952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll 2018-04-25 04:28 - 2018-02-08 23:35 - 000892872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll 2018-04-25 04:28 - 2018-02-08 23:35 - 000065992 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll 2018-04-25 04:28 - 2018-02-01 23:36 - 000921032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll 2018-04-25 04:28 - 2018-02-01 23:36 - 000854976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll 2018-04-25 04:28 - 2018-02-01 23:36 - 000649672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll 2018-04-25 04:28 - 2018-02-01 23:36 - 000054720 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll 2018-04-25 04:28 - 2018-01-01 08:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys 2018-04-25 04:28 - 2018-01-01 07:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2018-04-25 04:28 - 2018-01-01 07:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll 2018-04-25 04:28 - 2018-01-01 07:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2018-04-25 04:28 - 2018-01-01 07:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys 2018-04-25 04:28 - 2018-01-01 07:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2018-04-25 04:28 - 2018-01-01 07:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll 2018-04-25 04:28 - 2018-01-01 07:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys 2018-04-25 04:28 - 2018-01-01 07:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2018-04-25 04:28 - 2018-01-01 07:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll 2018-04-25 04:28 - 2018-01-01 07:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll 2018-04-25 04:28 - 2018-01-01 07:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2018-04-25 04:28 - 2018-01-01 07:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll 2018-04-25 04:28 - 2018-01-01 07:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll 2018-04-25 04:28 - 2018-01-01 07:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2018-04-25 04:28 - 2018-01-01 07:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll 2018-04-25 04:28 - 2018-01-01 07:18 - 000259072 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\SCardSvr.dll 2018-04-25 04:28 - 2018-01-01 07:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll 2018-04-25 04:28 - 2018-01-01 07:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2018-04-25 04:28 - 2018-01-01 07:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll 2018-04-25 04:28 - 2018-01-01 07:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll 2018-04-25 04:28 - 2018-01-01 07:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2018-04-25 04:28 - 2018-01-01 07:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll 2018-04-25 04:28 - 2018-01-01 07:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll 2018-04-25 00:39 - 2018-04-25 00:39 - 000003836 _____ C:\WINDOWS\System32\Tasks\MATLAB R2018a Startup Accelerator 2018-04-25 00:39 - 2018-04-25 00:39 - 000001360 _____ C:\Users\Public\Desktop\MATLAB R2018a.lnk 2018-04-25 00:39 - 2018-04-25 00:39 - 000000566 _____ C:\WINDOWS\Tasks\MATLAB R2018a Startup Accelerator.job 2018-04-25 00:39 - 2018-04-25 00:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2018a 2018-04-25 00:39 - 2018-04-25 00:39 - 000000000 ____D C:\ProgramData\MathWorks 2018-04-24 22:58 - 2018-04-24 22:58 - 000000000 ____D C:\Users\Minjung\Downloads\MathWorks 2018-04-24 22:56 - 2018-04-24 22:56 - 000000000 ____D C:\Program Files\MATLAB 2018-04-24 08:34 - 2018-04-24 08:34 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2018-04-24 08:33 - 2018-04-24 08:33 - 000000000 ___HD C:\Users\Minjung\MicrosoftEdgeBackups 2018-04-24 08:33 - 2018-04-24 08:33 - 000000000 ____D C:\Users\Minjung\AppData\Local\DBG 2018-04-24 08:32 - 2018-04-24 21:20 - 000000000 ____D C:\Users\Minjung\AppData\Local\ConnectedDevicesPlatform 2018-04-24 08:32 - 2018-04-24 08:32 - 000000020 ___SH C:\Users\Minjung\ntuser.ini 2018-04-24 04:57 - 2018-04-24 
05:00 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2018-04-24 04:57 - 2018-04-24 04:57 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2018-04-24 04:55 - 2018-04-24 04:55 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2018-04-24 04:52 - 2018-05-20 20:18 - 000903142 _____ C:\WINDOWS\system32\perfh007.dat 2018-04-24 04:52 - 2018-05-20 20:18 - 000283994 _____ C:\WINDOWS\system32\perfc007.dat 2018-04-24 04:52 - 2018-04-24 04:52 - 000306166 _____ C:\WINDOWS\system32\perfi007.dat 2018-04-24 04:52 - 2018-04-24 04:52 - 000040520 _____ C:\WINDOWS\system32\perfd007.dat 2018-04-24 04:52 - 2018-04-24 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\de 2018-04-24 04:52 - 2018-04-24 04:52 - 000000000 ____D C:\WINDOWS\system32\de 2018-04-24 04:49 - 2018-05-20 20:18 - 000978880 _____ C:\WINDOWS\system32\perfh012.dat 2018-04-24 04:49 - 2018-05-20 20:18 - 000271188 _____ C:\WINDOWS\system32\perfc012.dat 2018-04-24 04:49 - 2018-04-24 04:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ko 2018-04-24 04:49 - 2018-04-24 04:49 - 000000000 ____D C:\WINDOWS\system32\ko 2018-04-24 04:49 - 2018-04-24 04:48 - 000159618 _____ C:\WINDOWS\system32\perfi012.dat 2018-04-24 04:49 - 2018-04-24 04:48 - 000033406 _____ C:\WINDOWS\system32\perfd012.dat 2018-04-24 04:45 - 2018-05-20 20:18 - 000648920 _____ C:\WINDOWS\system32\perfh011.dat 2018-04-24 04:45 - 2018-05-20 20:18 - 000267010 _____ C:\WINDOWS\system32\perfc011.dat 2018-04-24 04:45 - 2018-04-24 04:52 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2018-04-24 04:45 - 2018-04-24 04:45 - 000144624 _____ C:\WINDOWS\system32\perfi011.dat 2018-04-24 04:45 - 2018-04-24 04:45 - 000033402 _____ C:\WINDOWS\system32\perfd011.dat 2018-04-24 04:45 - 2018-04-24 04:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ja 2018-04-24 04:45 - 2018-04-24 04:45 - 000000000 ____D C:\WINDOWS\system32\ja 2018-04-24 04:42 - 2018-04-24 04:42 - 000000000 ____D C:\Program Files\Reference Assemblies 2018-04-24 04:42 - 2018-04-24 04:42 - 000000000 ____D C:\Program Files\MSBuild 
2018-04-24 04:42 - 2018-04-24 04:42 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2018-04-24 04:42 - 2018-04-24 04:42 - 000000000 ____D C:\Program Files (x86)\MSBuild 2018-04-24 04:41 - 2017-09-28 23:05 - 012039168 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0007.dll 2018-04-24 04:41 - 2017-09-28 23:04 - 011602432 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0007.dll 2018-04-24 04:41 - 2017-09-28 23:03 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\korwbrkr.dll 2018-04-24 04:41 - 2017-09-28 22:55 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0007.dll 2018-04-24 04:41 - 2017-09-28 22:44 - 012039168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0007.dll 2018-04-24 04:41 - 2017-09-28 22:43 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\korwbrkr.dll 2018-04-24 04:41 - 2017-09-28 22:42 - 001993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0007.dll 2018-04-24 04:41 - 2017-09-28 19:50 - 012023100 _____ C:\WINDOWS\system32\korwbrkr.lex 2018-04-24 04:41 - 2017-09-28 19:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2018-04-24 04:41 - 2017-09-28 19:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2018-04-24 04:41 - 2017-09-28 19:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2018-04-24 04:41 - 2017-09-22 22:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2018-04-24 04:41 - 2017-09-22 22:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2018-04-24 04:41 - 2017-09-22 22:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2018-04-24 04:40 - 2017-09-28 23:05 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll 2018-04-24 04:40 - 2017-09-28 23:05 - 007702016 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll 2018-04-24 04:40 - 2017-09-28 23:05 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000c.dll 2018-04-24 04:40 - 2017-09-28 23:05 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0010.dll 2018-04-24 04:40 - 2017-09-28 23:05 - 002454528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll 2018-04-24 04:40 - 2017-09-28 23:03 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0010.dll 2018-04-24 04:40 - 2017-09-28 23:02 - 009674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll 2018-04-24 04:40 - 2017-09-28 23:02 - 007407616 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll 2018-04-24 04:40 - 2017-09-28 23:02 - 002352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000c.dll 2018-04-24 04:40 - 2017-09-28 23:02 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll 2018-04-24 04:40 - 2017-09-28 23:00 - 004434432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS6.dll 2018-04-24 04:40 - 2017-09-28 22:44 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll 2018-04-24 04:40 - 2017-09-28 22:44 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000c.dll 2018-04-24 04:40 - 2017-09-28 22:44 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0010.dll 2018-04-24 04:40 - 2017-09-28 22:43 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0010.dll 2018-04-24 04:40 - 2017-09-28 22:42 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS6.dll 2018-04-24 04:40 - 2017-09-28 22:42 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70011.dll 2018-04-24 04:40 - 2017-09-28 22:41 - 009559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll 2018-04-24 04:40 - 2017-09-28 22:41 - 007246336 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\NL7Data0011.dll 2018-04-24 04:40 - 2017-09-28 22:41 - 002264576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000c.dll 2018-04-24 04:40 - 2017-09-28 19:50 - 000002060 _____ C:\WINDOWS\system32\noise.jpn 2018-04-24 01:16 - 2018-04-24 01:16 - 000000000 ____D C:\ProgramData\USOShared 2018-04-24 01:13 - 2018-05-20 20:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-04-24 01:13 - 2018-05-20 02:05 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7CD119BE-5683-4770-A4EA-04A9D9C5D120} 2018-04-24 01:13 - 2018-05-20 00:41 - 000003986 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2018-04-24 01:13 - 2018-05-20 00:41 - 000003754 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore 2018-04-24 01:13 - 2018-05-17 23:58 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2018-04-24 01:13 - 2018-05-17 23:58 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2018-04-24 01:13 - 2018-04-30 22:44 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-366476898-4255595637-1063196365-1001 2018-04-24 01:13 - 2018-04-24 01:13 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2018-04-24 01:13 - 2018-04-24 01:13 - 000007623 _____ C:\WINDOWS\diagerr.xml 2018-04-24 01:13 - 2018-04-24 01:13 - 000003762 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-04-24 01:13 - 2018-04-24 01:13 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2018-04-24 01:13 - 2018-04-24 01:13 - 000002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-366476898-4255595637-1063196365-1001 2018-04-24 01:13 - 2018-04-24 01:13 - 000002876 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-366476898-4255595637-1063196365-500 2018-04-24 01:13 - 2018-04-24 01:13 - 000002808 _____ C:\WINDOWS\System32\Tasks\GfxHotFixDia 2018-04-24 01:13 - 2018-04-24 01:13 - 000002662 _____ 
C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2018-04-24 01:13 - 2018-04-24 01:13 - 000002568 _____ C:\WINDOWS\System32\Tasks\ShutdownOpt 2018-04-24 01:13 - 2018-04-24 01:13 - 000002462 _____ C:\WINDOWS\System32\Tasks\SamsungLinkTray 2018-04-24 01:13 - 2018-04-24 01:13 - 000002440 _____ C:\WINDOWS\System32\Tasks\{7CD35283-D035-4165-B7D0-D80B6183720F} 2018-04-24 01:13 - 2018-04-24 01:13 - 000002388 _____ C:\WINDOWS\System32\Tasks\{749EA34A-4BD8-478C-822F-5431F8C853ED} 2018-04-24 01:13 - 2018-04-24 01:13 - 000002384 _____ C:\WINDOWS\System32\Tasks\SAgent 2018-04-24 01:13 - 2018-04-24 01:13 - 000002316 _____ C:\WINDOWS\System32\Tasks\ColorEngine 2018-04-24 01:13 - 2018-04-24 01:13 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL 2018-04-24 01:13 - 2018-04-24 01:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD 2018-04-24 01:13 - 2018-04-24 01:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\SecTimeSync 2018-04-24 01:13 - 2018-04-24 01:13 - 000000000 ____D C:\WINDOWS\System32\Tasks\Samsung 2018-04-24 01:13 - 2015-02-06 06:56 - 000003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1543705101-1839907375-392958678-500 2018-04-24 01:13 - 2015-02-06 06:30 - 000003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1125575734-1109485877-3894886682-500 2018-04-24 01:09 - 2018-04-24 01:09 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2018-04-24 01:06 - 2018-04-26 22:40 - 000000000 ____D C:\Users\Minjung 2018-04-24 01:04 - 2018-03-13 01:02 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2018-04-24 01:04 - 2017-02-09 17:53 - 000103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2018-04-24 01:04 - 2017-02-09 17:53 - 000099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2018-04-24 01:03 - 2018-05-20 15:43 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-04-24 01:03 - 2018-05-14 08:33 - 002219424 
_____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-04-23 23:35 - 2018-04-23 23:40 - 000000036 _____ C:\WINDOWS\progress.ini ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-05-20 21:21 - 2015-06-22 06:16 - 000000000 ____D C:\Users\Minjung\AppData\Roaming\Skype 2018-05-20 20:18 - 2015-08-07 22:55 - 004531964 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-05-20 20:13 - 2015-10-22 22:12 - 000000000 ____D C:\Users\Minjung\AppData\Roaming\BitTorrent 2018-05-20 20:12 - 2015-08-07 22:43 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2018-05-20 20:12 - 2015-06-22 05:42 - 000000000 __SHD C:\Users\Minjung\IntelGraphicsProfiles 2018-05-20 20:11 - 2017-09-29 04:45 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2018-05-20 18:21 - 2017-09-29 04:45 - 067895296 _____ C:\WINDOWS\system32\config\HARDWARE 2018-05-20 16:26 - 2015-07-15 20:59 - 000000000 ___RD C:\Users\Minjung\Dropbox (Personal) 2018-05-20 16:17 - 2017-09-29 09:44 - 000000000 ____D C:\WINDOWS\INF 2018-05-20 01:16 - 2015-07-15 20:56 - 000000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2018-05-20 01:16 - 2015-07-15 20:56 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2018-05-20 00:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2018-05-20 00:41 - 2015-11-08 22:58 - 000000000 ____D C:\Users\Minjung\AppData\LocalLow\IPinside 2018-05-18 23:17 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-05-18 23:16 - 2017-09-29 09:46 - 000000000 ___HD C:\Program Files\WindowsApps 2018-05-15 23:09 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\rescache 2018-05-14 23:44 - 2015-06-22 07:45 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2018-05-14 22:49 - 2015-07-15 20:56 - 000000000 ____D C:\Program Files (x86)\Dropbox 2018-05-14 08:34 - 2015-09-16 00:05 - 000000000 ___RD C:\Users\Minjung\3D 
Objects 2018-05-14 08:34 - 2015-06-10 11:03 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-05-14 01:02 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2018-05-14 01:02 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2018-05-14 01:02 - 2017-09-29 09:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2018-05-14 01:02 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2018-05-14 01:02 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\oobe 2018-05-14 01:02 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\ShellExperiences 2018-05-14 01:02 - 2017-09-29 04:45 - 000000000 ____D C:\WINDOWS\system32\Dism 2018-05-14 01:02 - 2017-09-29 04:45 - 000000000 ____D C:\WINDOWS\servicing 2018-05-13 21:08 - 2015-07-05 13:31 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-05-13 21:05 - 2017-10-11 20:11 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2018-05-13 21:05 - 2017-09-29 09:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-05-13 21:05 - 2015-07-05 13:31 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-05-13 21:02 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2018-05-13 20:50 - 2017-09-29 09:41 - 000073112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2018-05-13 20:50 - 2017-09-29 09:41 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2018-05-13 20:50 - 2017-09-29 09:41 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2018-05-13 20:49 - 2017-09-29 09:42 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2018-05-13 12:48 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-05-07 21:50 - 2013-08-22 09:25 - 000000269 _____ C:\WINDOWS\win.ini 2018-05-06 21:09 - 2015-06-22 05:42 - 000000000 ____D C:\Users\Minjung\AppData\Local\Packages 2018-05-01 17:25 - 2017-09-29 09:49 - 000835064 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-05-01 17:25 - 2017-09-29 09:49 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2018-04-30 22:44 - 2015-08-07 22:56 - 000002406 _____ C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-04-30 22:44 - 2015-06-22 05:46 - 000000000 ___RD C:\Users\Minjung\OneDrive 2018-04-28 01:04 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-04-28 00:32 - 2015-06-22 05:42 - 000000000 ____D C:\Users\Minjung\AppData\Roaming\Adobe 2018-04-25 05:09 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2018-04-25 05:09 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\F12 2018-04-25 05:09 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\TextInput 2018-04-25 05:09 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\migwiz 2018-04-25 05:09 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2018-04-25 05:08 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Provisioning 2018-04-25 05:08 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\bcastdvr 2018-04-25 04:38 - 2017-09-29 09:46 - 000000000 ___RD C:\Program Files\Windows Defender 2018-04-25 03:20 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\appcompat 2018-04-24 08:33 - 2018-03-30 01:08 - 000000000 ____D C:\Windows10Upgrade 2018-04-24 08:33 - 2015-08-07 22:52 - 000000000 ____D C:\Users\Minjung\AppData\Local\TileDataLayer 2018-04-24 05:03 - 2017-09-29 09:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2018-04-24 05:00 - 2018-04-09 21:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INCAInternet 2018-04-24 05:00 - 2017-11-18 12:48 - 000000000 ____D C:\WINDOWS\system32\MpEngineStore 2018-04-24 05:00 - 2017-09-29 09:49 - 000000000 ____D C:\WINDOWS\Setup 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 __RHD C:\Users\Public\Libraries 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files 2018-04-24 
05:00 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\spool 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\Macromed 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\InputMethod 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Resources 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\InputMethod 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-04-24 05:00 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Common Files\system 2018-04-24 05:00 - 2017-09-04 08:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-04-24 05:00 - 2016-09-15 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2018-04-24 05:00 - 2016-05-09 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2018-04-24 05:00 - 2015-08-07 22:42 - 000000000 ____D C:\Program Files\Intel 2018-04-24 05:00 - 2015-07-24 22:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alzip 2018-04-24 05:00 - 2015-07-10 09:14 - 000000000 ____D C:\WINDOWS\ShellNew 2018-04-24 05:00 - 2015-07-10 07:04 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2018-04-24 05:00 - 2015-06-22 07:20 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2018-04-24 05:00 - 2015-06-22 07:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2 2018-04-24 05:00 - 2015-02-05 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2018-04-24 05:00 - 2015-02-05 23:27 - 000000000 ____D C:\WINDOWS\system32\ihvmanager 2018-04-24 05:00 - 2013-08-22 11:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2018-04-24 05:00 - 2013-08-22 11:36 - 000000000 
____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared 2018-04-24 05:00 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared 2018-04-24 04:57 - 2015-12-04 03:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco 2018-04-24 04:57 - 2015-08-07 22:43 - 000000000 ____D C:\WINDOWS\system32\SRSLabs 2018-04-24 04:57 - 2015-08-07 22:43 - 000000000 ____D C:\Program Files\Realtek 2018-04-24 04:57 - 2015-06-22 07:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum 2018-04-24 04:57 - 2015-02-05 23:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\system32\winrm 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\system32\WCN 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\system32\slmgr 2018-04-24 04:52 - 2017-09-29 10:41 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ___SD C:\WINDOWS\system32\dsc 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\SysWOW64\com 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\MUI 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\com 2018-04-24 
04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\IME 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Help 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2018-04-24 04:52 - 2017-09-29 09:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2018-04-24 04:41 - 2017-09-29 10:42 - 000000000 ____D C:\WINDOWS\OCR 2018-04-24 01:16 - 2017-09-29 09:46 - 000000000 ____D C:\ProgramData\USOPrivate 2018-04-24 01:15 - 2016-10-08 11:00 - 000000000 ___HD C:\$GetCurrent 2018-04-24 01:15 - 2015-08-11 21:40 - 000000258 __RSH C:\ProgramData\ntuser.pol 2018-04-24 01:14 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2018-04-24 01:13 - 2017-09-29 09:46 - 000000000 ____D C:\WINDOWS\Registration 2018-04-24 01:13 - 2017-09-29 04:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2018-04-24 01:12 - 2015-08-07 22:51 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat 2018-04-24 01:09 - 2017-02-14 21:30 - 000000000 ____D C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\POV-Ray for Windows v3.7 2018-04-24 01:07 - 2016-05-09 19:50 - 000000000 ____D C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker 2018-04-24 01:07 - 2015-08-07 12:00 - 000000000 ___RD C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2018-04-24 01:06 - 2017-09-29 04:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2018-04-24 01:05 - 2017-09-29 09:46 - 000000000 ___RD C:\WINDOWS\PrintDialog 2018-04-24 01:05 - 2015-08-07 22:43 - 000000000 ____D C:\WINDOWS\SysWOW64\sda 2018-04-24 01:05 - 2015-08-07 22:43 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2018-04-24 01:04 - 2015-08-07 22:43 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2018-04-24 
01:04 - 2015-06-11 03:18 - 000000000 ____D C:\Program Files\Elantech 2018-04-23 22:26 - 2017-11-19 01:03 - 000000807 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk 2018-04-23 22:10 - 2015-06-22 05:47 - 000000000 ____D C:\Users\Minjung\AppData\Local\CrashDumps Some files in TEMP: ==================== 2018-05-20 20:16 - 2018-04-15 17:49 - 001954056 _____ (Microsoft Corporation) C:\Users\Minjung\AppData\Local\Temp\dllnt_dump.dll 2018-05-20 01:03 - 2018-05-20 01:03 - 000100864 _____ () C:\Users\Minjung\AppData\Local\Temp\SppExtComObjHook.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-05-15 23:08 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01 Ran by Minjung (20-05-2018 21:47:28) Running from C:\Users\Minjung\Desktop Windows 10 Home Version 1709 16299.431 (X64) (2018-04-24 05:15:30) Boot Mode: Normal 
========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-366476898-4255595637-1063196365-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-366476898-4255595637-1063196365-503 - Limited - Disabled) Guest (S-1-5-21-366476898-4255595637-1063196365-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-366476898-4255595637-1063196365-1003 - Limited - Enabled) Minjung (S-1-5-21-366476898-4255595637-1063196365-1001 - Administrator - Enabled) => C:\Users\Minjung WDAGUtilityAccount (S-1-5-21-366476898-4255595637-1063196365-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) ¾ËÅøÁî ¾÷µ¥ÀÌÆ® (HKLM-x32\...\ALUpdate_is1) (Version: v14.08 - ESTsoft Corp.) ¾ËÁý 9.66 (HKLM-x32\...\ALZip_is1) (Version: v9.66 - ESTsoft Corp.) Adobe Acrobat X Pro - Korean (HKLM-x32\...\{AC76BA86-1042-0000-7760-000000000005}) (Version: 10.1.15 - Adobe Systems) Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated) AhnLab Online Security (HKLM-x32\...\AhnLab Online Security) (Version: - AhnLab, Inc) Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.) Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.) BitTorrent (HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CertAid for Windows (HKLM-x32\...\{CB8E8BB5-5FCD-43AB-98C6-17C017EAF504}) (Version: 2.1.0.0 - MIT IS&T) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.08005 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{5C81E1E1-9947-4466-A573-52C1907CF00B}) (Version: 4.1.08005 - Cisco Systems, Inc.) Hidden ColorEngine (HKLM-x32\...\{BE075478-C2A9-4F37-AB91-205C966D9848}) (Version: 3.0 - Samsung Electronics CO., LTD.) Daum 팟플레이어 (HKLM-x32\...\PotPlayer) (Version: - Kakao Corp.) Dropbox (HKLM-x32\...\Dropbox) (Version: 49.4.69 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden INISAFE Web v6.4 (HKLM-x32\...\UnINISafeWeb64) (Version: 6 - Initech (c).) 
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1054 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation) IPinside Agent (HKLM-x32\...\IPinside Agent) (Version: 1.0.2.9 - interezen) IPinside LWS Agent (HKLM-x32\...\IPinside LWS Agent) (Version: 3.0.0.3 - interezen) iTunes (HKLM\...\{1D7D1271-5258-4F5A-B8C1-7176BF398782}) (Version: 12.7.3.46 - Apple Inc.) KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.6.5.1762 - Kakao Corp.) 
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) MATLAB R2018a (HKLM\...\Matlab R2018a) (Version: 9.4 - MathWorks) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for 
Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Naver Live Streaming Service (HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\NLiveCast) (Version: 2.1.0.33 - NAVER Corp.) nProtect Online Security V1.0(PFS) (HKLM-x32\...\nProtect Online Security V1.0(PFS)) (Version: 2018.4.6.1 - INCA Internet Co., Ltd.) Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.) Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden POV-Ray for Windows v3.7 (HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\POV-Ray for Windows v3.7) (Version: 3.7 - Persistence of Vision Raytracer Pty. Ltd.) Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 5.0.0.471 - Qualcomm Atheros Communications) Qualcomm Atheros 61x4 Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.0.0744 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39062 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Recovery (HKLM\...\{CB82C1C0-C6DA-4734-83DC-DA02F59554CC}) (Version: 7.0.5 - Samsung Electronics Co., Ltd.) RogueKiller version 12.12.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.17.0 - Adlice Software) S Agent (HKLM\...\{F49C89E7-14AC-4796-9C6A-49FA97890857}) (Version: 1.1.53 - Samsung Electronics CO., LTD.) 
Hidden Samsung Link (HKLM\...\{5A1F24BA-845E-4C89-BFF0-826FD9A6D4EB}) (Version: 2.0.0 - Samsung Electronics CO., LTD.) Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.) Samsung Update (HKLM-x32\...\{00ABE05F-DB49-4421-AA35-833DD9A9A94D}) (Version: 2.2.12 - Samsung Electronics CO., LTD.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Settings (HKLM-x32\...\{906320D6-3C1E-4C56-9B11-F17089D232F4}) (Version: 2.5.0 - Samsung Electronics CO., LTD.) Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.) Texmaker (HKLM-x32\...\Texmaker) (Version: - ) TouchEn nxKey with E2E for 32bit (HKLM-x32\...\TouchEn nxKey) (Version: 1.0.0.59 - RaonSecure Co., Ltd.) 
Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation) Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version: - Microsoft) Update for Skype for Business 2015 (KB4018377) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{148C5C88-8659-47CB-A1B2-FE4A0C0B277E}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{54228DC1-0B27-4215-B2BE-4D07C521F242}) (Version: 2.33.0.0 - Microsoft Corporation) UpdateAssistant (HKLM\...\{F3874F6F-EA00-487D-BEAD-5FAA010E78F2}) (Version: 1.15.0.0 - Microsoft Corporation) Hidden User Manual (HKLM-x32\...\{DA11CC4A-5E90-4EA9-8E7B-29D5328E35F0}) (Version: 1.4.00 - Samsung Electronics CO., LTD.) Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22402 - Microsoft Corporation) Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconCreated] -> {D130049C-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2015-01-26] (Samsung Electronics CO., LTD.) ShellIconOverlayIdentifiers: [0SamsungLinkOverlayIconRenamed] -> {D130049D-7512-4075-9145-7B8B18149060} => C:\Program Files\Samsung\SamsungLink\SLIconOverlay.dll [2015-01-26] (Samsung Electronics CO., LTD.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) 
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-06-26] (Adobe Systems Inc.) ContextMenuHandlers1: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll -> No File ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ContextMenuHandlers2: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll -> No File ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll -> No File ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ContextMenuHandlers4: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll -> No File ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) ContextMenuHandlers5: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll -> No File ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-09] (Intel Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-06-26] (Adobe Systems Inc.) ContextMenuHandlers6: [ALZip] -> {4EB37360-49E8-11D3-95B5-004033382980} => C:\Program Files (x86)\ESTsoft\ALZip\AZCTM64.dll -> No File ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {07585FAC-7071-4D93-BF94-CDE625959FB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-11] (Google Inc.) Task: {077DC0E1-199C-455A-A128-6F67AB9EFD5B} - System32\Tasks\vitiello => C:\Program Files (x86)\Crickets\Harder.exe Task: {092A854B-07BC-4FE8-AA35-B8911646534C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation) Task: {0B372CAF-5702-4A1F-BA4B-4DE25EBD108F} - System32\Tasks\Samsung\Settings\SettingsPatternLoginAccountMonitor => C:\Program Files (x86)\Samsung\Settings\SMessage.exe [2015-01-19] (Samsung Electronics CO., LTD.) 
Task: {0FEAB296-BBD9-46BE-9653-32A9209297C4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2018-05-13] (Microsoft Corporation) Task: {151C6C57-C242-49C1-A49D-EE9A7717AB1E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {1A970C7F-099E-4F7F-9BB9-BD23E8846154} - System32\Tasks\{7CD35283-D035-4165-B7D0-D80B6183720F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}\setup.exe" -c -runfromtemp -l0x0009 -removeonly Task: {267FC494-FAAA-4C95-8A90-04BFF8E4BF2C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {26B3EDEB-A52A-41C2-94C0-8C537761BB86} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {2815F6F2-627B-4B8B-A8C2-1618BDFD7309} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-08] () Task: {2A0959C2-9C1A-49C4-9EDC-D3AAF5DC3C82} - System32\Tasks\opa maliciously => C:\Program Files (x86)\Caddell\Sourcing.exe Task: {2D900BCA-54E5-414D-99F8-288F1DC45B40} - System32\Tasks\Samsung\SRS\SRS Logon => C:\Program Files\Samsung\Recovery\SRSMessages.exe [2014-12-11] (Samsung Electronics) Task: {3049992D-C623-4037-A0D7-209449B085FF} - System32\Tasks\SamsungLinkTray => C:\Program Files\Samsung\SamsungLink\SLServiceUserApp.exe [2015-01-26] (Samsung Electronics CO., LTD.) 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe Task: {398E2108-6617-44B0-A813-19D8B80EC708} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {3A636670-2142-4C1E-9D2D-D5432A2F3EAB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-15] (Adobe Systems Incorporated) Task: {42A84CF3-C7CE-4B0A-A0EC-7DEB94E415DB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-08] () Task: {4B0A26EB-8FD5-4201-B12A-2BCC97730D32} - System32\Tasks\kickback-crossbars => C:\Program Files (x86)\venturer\Sourcing.exe Task: {508408A0-D2C4-48AA-B5AC-9D2ABD060D34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {5834C361-D625-4DDC-839E-C4EA257373AF} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe Task: {6138C80B-AB50-4AAC-BB8F-C1BA9D1AF9D2} - System32\Tasks\Samsung\Settings\SettingsPatternLoginMonitor => C:\Program Files (x86)\Samsung\Settings\SMessage.exe [2015-01-19] (Samsung Electronics CO., LTD.) 
Task: {622E2283-D8A6-4D77-BB08-54353694DD79} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {62483C4B-1FF3-4464-95C8-2FBB1EBB0837} - System32\Tasks\stenographersstenographers => C:\Program Files (x86)\Speared\perpetrators.exe Task: {6307C08B-1DE5-4424-BB44-9C1C40341B5B} - System32\Tasks\stenographers => C:\Program Files (x86)\Speared\perpetrators.exe Task: {655D21A0-9182-4286-B178-32E7A3B7EAA2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation) Task: {6D4CDE5E-C396-4349-87C8-990D59556C52} - System32\Tasks\ShutdownOpt => C:\ProgramData\Samsung\ShutdownEvent.exe [2014-10-14] (SAMSUNG Electronics co., LTD.) Task: {78A4FDF8-CA14-41B4-B854-7D5DC528983E} - System32\Tasks\roofingroofing => C:\Program Files (x86)\orchestrating\orchestrating.exe Task: {7A2C8CFD-CDA0-4CEC-8204-B4F70E68373B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation) Task: {7CAB3F7D-ADED-4D54-B11F-EDB3D4739FEE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-04-26] (Microsoft Corporation) Task: {81BAB652-6CE4-477E-B3E4-9A14D832A9FC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {81C8BB7F-DAAC-4522-A119-7AFEBB6803B3} - System32\Tasks\Samsung\Settings\SettingsHibernateMonitor => C:\Program Files (x86)\Samsung\Settings\SettingsHibernateMonitor.exe [2015-01-19] (Samsung Electronics CO., LTD.) 
Task: {8EC13320-5E5D-433D-94AF-8971B4A2B43D} - System32\Tasks\roofing => C:\Program Files (x86)\orchestrating\orchestrating.exe Task: {9AE372F3-A698-4814-B7A2-7CDDF18AB54E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {A541C40E-77CB-4ABC-B109-BEE322BEAC30} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [2013-08-23] (Samsung Electronics CO., LTD.) Task: {A69005CE-DF77-4023-B13B-FFD71C831F3C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {A82FF94E-6A43-44E2-A48D-E359FE5C916E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {AC89C6D0-12CA-4C5A-B114-A9D0877FABAC} - System32\Tasks\{749EA34A-4BD8-478C-822F-5431F8C853ED} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\Installer\setup.exe" -c --uninstall --system-level Task: {B0FCEF6E-EAD2-4B4C-B0CD-C1EDFC14C1AC} - System32\Tasks\opa maliciouslyopa maliciously => C:\Program Files (x86)\Caddell\Sourcing.exe Task: {B1F73E1F-B6E3-4D29-8A04-EE9742AB5D99} - System32\Tasks\vitiellovitiello => C:\Program Files (x86)\Crickets\Harder.exe Task: {B2FF02AF-135F-4349-9444-20C9515FC0FA} - System32\Tasks\GfxHotFixDia => C:\ProgramData\Samsung\GfxHotFixDia.exe [2015-03-18] (Samsung Electronics Co., Ltd.) 
Task: {BA763A07-7316-4029-9FFF-16D231FE980D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {BE04162A-DB3B-42D1-8CE8-A46203957001} - System32\Tasks\billowed_whale => C:\Program Files (x86)\Caddell\Harder.exe Task: {BE878E73-65B6-4C08-BC6D-FACC18483B10} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-21] (Realtek Semiconductor) Task: {BFF48FD9-06CF-4577-83A8-4BBBABE0956C} - System32\Tasks\billowed_whalebillowed_whale => C:\Program Files (x86)\Caddell\Harder.exe Task: {C4304BDE-7554-47C7-A628-2EF8430EE37E} - System32\Tasks\Samsung\Settings\LaunchSettings => C:\Program Files (x86)\Samsung\Settings\Settings.exe [2015-01-19] (Samsung Electronics CO., LTD.) Task: {CC709462-2A39-404C-8E22-B465CA6D61FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-11] (Google Inc.) Task: {D1CC1ED3-E2D4-432A-843D-686EB7466420} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-07-01] (Samsung Electronics CO., LTD.) Task: {D8E82078-A3A3-48B6-A826-DFD770DDD2ED} - System32\Tasks\Samsung\Settings\SettingsEventHandlerMonitor => C:\Program Files (x86)\Samsung\Settings\CmdServer\RSSettingEventHandler.exe [2015-01-19] (Samsung Electronics CO., LTD.) Task: {DBD1D33F-E37A-472C-A7D1-0A297F8C9620} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {DE92E64D-20F3-4188-9674-C5F52E0852D3} - System32\Tasks\ColorEngine => C:\Program Files (x86)\Samsung\ColorEngine\ColorEngine.exe [2014-11-13] (Samsung Electronics Co., Ltd.) 
Task: {E1A8FA3E-09F0-4126-A8D7-7E648360F5E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {E4414BB0-1DB3-4AF8-9A48-4F15C3341100} - System32\Tasks\kickback-crossbarskickback-crossbars => C:\Program Files (x86)\venturer\Sourcing.exe Task: {E5208BC7-B455-4EC4-A026-00CE797116EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-05-13] (Microsoft Corporation) Task: {E859830F-C5EB-48BE-9619-F8E91EF1D4A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {F15E26BD-46B0-4194-BE93-8B0E0CF8722C} - System32\Tasks\MATLAB R2018a Startup Accelerator => C:\Program Files\MATLAB\R2018a\bin\win64\MATLABStartupAccelerator.exe [2018-02-06] () Task: {F49B9BF8-A39F-4041-A943-D5A3AAEA3AEB} - \Norton WSC Integration -> No File <==== ATTENTION Task: {F9F41024-4D57-40D1-9388-7ABEF0BBF035} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) Task: {FC12CD3A-55BD-43A1-B182-35D4BEA8A867} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\MATLAB R2018a Startup Accelerator.job => C:\Program Files\MATLAB\R2018a\bin\win64\MATLABStartupAccelerator.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\banktown.com -> hxxp://cjb.banktown.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\bccard.com -> hxxp://www.bccard.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\citibank.co.kr -> hxxp://www.citibank.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\com -> hxxp://stapleslink.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\cu.co.kr -> hxxp://www.cu.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\daegubank.co.kr -> hxxp://banking.daegubank.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\epostbank.go.kr -> hxxp://www.epostbank.go.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\hanabank.com -> hxxp://www.hanabank.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\hanaskcard.com -> hxxp://www.hanaskcard.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\hec.mit.edu -> hxxps://vhmitacdci.hec.mit.edu IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\hksb.co.kr -> hxxp://www.hksb.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\hometax.go.kr -> hxxp://www.hometax.go.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\hsb.co.kr -> hxxp://banking.hsb.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\hyundaicard.com -> hxxp://www.hyundaicard.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\i9servicecenter.com -> hxxps://mit.i9servicecenter.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\ibk.co.kr -> hxxp://mybank.ibk.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\jbbank.co.kr -> hxxp://www.jbbank.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\jeilbank.co.kr -> 
hxxp://banking.jeilbank.co.kr IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\kbstar.com -> hxxp://kbstar.com IE trusted site: HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\kdb.co.kr -> hxxp://www.kdb.co.kr There are 26 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2018-05-20 19:53 - 000000776 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Minjung\Pictures\tumblr_static_rose_3.jpg DNS Servers: 18.71.0.151 - 18.70.0.160 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "Monkeys" HKLM\...\StartupApproved\Run: => "Grandiloquent" HKLM\...\StartupApproved\Run: => "Lawry" HKLM\...\StartupApproved\Run32: => "Charlie" HKLM\...\StartupApproved\Run32: => "Brasher" HKLM\...\StartupApproved\Run32: => "Charges" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\StartupFolder: => "balleticballetic.lnk" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "stephane" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Gammell" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Bannockburn" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Shipment" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Newsgroups" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "hiakbk" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Front" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Migratory" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "nco" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{1D9F5EBB-6178-48C5-ACF4-0ACB90E96F00}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe FirewallRules: [UDP Query User{F01ECDF9-5636-4B91-AFF2-90E01166BC0E}C:\users\minjung\appdata\roaming\naver\nlivecast\nlivecast.exe] => (Allow) C:\users\minjung\appdata\roaming\naver\nlivecast\nlivecast.exe FirewallRules: [TCP Query User{0940EFC6-DA34-45FC-ABD9-455F0EE1F43E}C:\users\minjung\appdata\roaming\naver\nlivecast\nlivecast.exe] => (Allow) C:\users\minjung\appdata\roaming\naver\nlivecast\nlivecast.exe FirewallRules: [{6F98CEB1-BCD1-4F0F-ADC6-915483D97639}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{EE976414-BFA8-489C-86E6-FD29F1C2B0A5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{EEC09E9C-F54C-43EB-B0B8-B655B0E79D9D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{EDBCCDF4-B728-40F1-8365-AE13B590551D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{CD3DD10D-DAAA-4285-A1CE-31FC5BC81276}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{13EB95B2-EF7F-466E-8A04-81B6C78AB7BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A267A757-EA31-48D5-9CDD-7B40411DB195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DC10B817-E460-4C51-BA3B-554ECAA16875}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{88CC996E-3423-4FED-9A68-11F7E8E63312}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{BAA0ECC9-F2A3-4468-A6BE-15A4E3EB9C48}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe FirewallRules: [UDP Query User{3F340313-31DB-418E-90FA-F2C016BAD1D1}C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.3_44359.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.3_44359.exe FirewallRules: [TCP Query 
User{4740B307-7DEF-49EC-9C79-FE75CCA8E500}C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.3_44359.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.3_44359.exe FirewallRules: [{51989497-9A1F-4C08-9E32-BF7C7C793C7C}] => (Allow) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe FirewallRules: [UDP Query User{A0E6CE7D-8F99-4671-8067-2F5C337C1706}C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.0_43917.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.0_43917.exe FirewallRules: [TCP Query User{D768BD3C-A907-4900-9B86-CED679029210}C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.0_43917.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.10.0_43917.exe FirewallRules: [UDP Query User{B4502D81-2791-4FEE-9175-DAD01C96E0B6}C:\coral-remote\jre8\bin\jp2launcher.exe] => (Allow) C:\coral-remote\jre8\bin\jp2launcher.exe FirewallRules: [TCP Query User{33631CAF-0D41-4B7D-AC9D-BBBAD0BDA88D}C:\coral-remote\jre8\bin\jp2launcher.exe] => (Allow) C:\coral-remote\jre8\bin\jp2launcher.exe FirewallRules: [UDP Query User{4B7E344E-FE29-436C-88C9-F0D4473DE34D}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43389.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43389.exe FirewallRules: [TCP Query User{81415F1A-B584-473D-A254-613627910441}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43389.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43389.exe FirewallRules: [UDP Query User{C07EE870-131A-43B9-BDA9-3F0FBDB9A38D}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43296.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43296.exe FirewallRules: [TCP Query User{472DA9EE-F440-4054-B3AA-F6BE8BCACCE2}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43296.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43296.exe FirewallRules: [UDP Query 
User{16E44009-1B54-478E-A54E-AE7B89E8752D}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43086.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43086.exe FirewallRules: [TCP Query User{F1799F47-FAE9-4316-852C-FA373DC1C3AE}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43086.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_43086.exe FirewallRules: [{068C33B7-68A0-466F-A624-E720EE9F386B}] => (Allow) C:\Program Files (x86)\IPinside_LWS\I3GProc.exe FirewallRules: [{5FF80EB0-4017-4008-B014-4FDCF988A898}] => (Allow) C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe FirewallRules: [{68656CEB-7DD4-4DC7-9F1A-9176354B7FDB}] => (Allow) C:\Program Files (x86)\Wizvera\Delfino-G3\delfino.exe FirewallRules: [{225A1DA5-4212-4624-9134-20131D63CEDB}] => (Allow) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe FirewallRules: [{7B54FFE8-1FC2-445E-AE38-4B09F1A37A40}] => (Allow) C:\Program Files (x86)\Wizvera\Veraport20\veraport.exe FirewallRules: [UDP Query User{4BE0B32B-A095-4E9B-BCBB-258A0D7B9765}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42974.exe FirewallRules: [TCP Query User{638581E7-652E-4916-9CB4-AE0B33AA2CB4}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42974.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42974.exe FirewallRules: [UDP Query User{736761DE-E513-4CD4-B599-B151FBD0D7DB}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42924.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42924.exe FirewallRules: [TCP Query User{BABA5BA1-191A-4C87-8F4A-96E5AE16F8F9}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42924.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42924.exe FirewallRules: [{F5C8BEA9-4FD3-44C9-AECC-BDBBFABDE56A}] => (Allow) C:\Users\Minjung\AppData\Roaming\BitTorrent\BitTorrent.exe 
FirewallRules: [{8C9721F8-F9CE-4B84-AF9D-DB947CE89CDA}] => (Allow) C:\Users\Minjung\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{B7E989ED-5A5A-4E12-AEFF-19B0CCC59014}] => (Allow) C:\Users\Minjung\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{DE1A4BB5-79A0-48FE-A3F7-81A5EE470C61}] => (Allow) C:\Users\Minjung\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{6B161E2A-CC21-4C32-9E35-20B62B3C7F5E}] => (Allow) C:\Users\Minjung\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [{59DB9B2B-7720-458D-A37D-F9B5F403214E}] => (Allow) C:\Users\Minjung\AppData\Roaming\BitTorrent\BitTorrent.exe FirewallRules: [UDP Query User{CC9ADE16-626D-45DE-95B8-6F562A9EFB49}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42607.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42607.exe FirewallRules: [TCP Query User{4A6450A3-6A39-40AD-9D1D-B925C130DD08}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42607.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.9_42607.exe FirewallRules: [{1E5DFF25-DF1C-4132-90D4-48BD46EE7FB8}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [UDP Query User{47D2D01D-3AF7-4F14-995C-845DB0E22F01}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42577.exe FirewallRules: [TCP Query User{F22244E7-790F-4F37-8FCE-03F86B946A10}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42577.exe] => (Block) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42577.exe FirewallRules: [UDP Query User{4208782B-D646-40B8-8BD0-F9F8020F7607}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42450.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42450.exe FirewallRules: [TCP Query User{239978CD-F255-40AB-9883-6CA77E9558EC}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42450.exe] => (Allow) 
C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.8_42450.exe FirewallRules: [UDP Query User{84B864BC-659E-4A86-8C81-36AAF8BB24B8}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.7_42331.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.7_42331.exe FirewallRules: [TCP Query User{7DB777E2-B576-4DD2-9F3E-4BC648713B80}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.7_42331.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.7_42331.exe FirewallRules: [UDP Query User{097E2E55-DDFD-4913-BEFD-0F129046B9BB}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.6_42095.exe FirewallRules: [TCP Query User{8E69777C-BE48-4A2F-B49D-4FA62DF9FB88}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.6_42095.exe FirewallRules: [UDP Query User{4558C03B-0E52-4E2B-9F42-39B4C4982502}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41866.exe FirewallRules: [TCP Query User{1F4B9B75-0B21-4428-9F27-1492D2487BF4}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41866.exe FirewallRules: [UDP Query User{687B7575-B8DE-4981-BC96-E05F1BCE215C}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41713.exe FirewallRules: [TCP Query User{6600024F-F2EC-4FE2-B0E5-38A2F7397463}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41713.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41713.exe FirewallRules: [TCP Query User{9F20037B-6634-4996-9B15-55A225B4EE6C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query 
User{4B920821-5BD6-4193-8344-F5877476A099}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41373.exe FirewallRules: [TCP Query User{70A1EC4F-E3A7-49FF-8F65-801C195BA590}C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41373.exe] => (Allow) C:\users\minjung\appdata\roaming\bittorrent\updates\7.9.5_41373.exe FirewallRules: [UDP Query User{0AEEFFBE-EF2F-4B31-95C8-606B5CAA15A5}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe FirewallRules: [TCP Query User{CB2823DA-4B74-4D77-B80A-C2C90D82D7C0}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Block) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe FirewallRules: [UDP Query User{B8051E6C-4E71-4D82-A448-B8EC4033550D}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe FirewallRules: [TCP Query User{95E2FB80-9AB8-43A3-A736-BF594317D2EE}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe FirewallRules: [{87DA67DE-ACBF-46BE-8EDB-6B5CEFCB78C8}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe FirewallRules: [{E093C2A8-F671-4E1C-8353-4E24341B8750}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe FirewallRules: [{839A8DFA-B10F-4120-A183-5BA2A633C661}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe FirewallRules: [{B140D66A-61B4-4809-9D61-06E59F2AD5D1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe FirewallRules: [{B8F7A885-4F82-4909-B79C-FD079CD97D09}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe FirewallRules: [{26FF7794-46F7-4D6D-86FE-9881D14A90B7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe FirewallRules: [{8E415B77-E900-4205-B44A-E9EF198F88C8}] => (Allow) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe 
FirewallRules: [{3A56ECAC-0593-4038-83AF-CF02330FA59F}] => (Allow) C:\Program Files\Samsung\SamsungLink\SamsungLinkService.exe FirewallRules: [{2D35AEE0-DF2E-48B6-A81E-38FC5755820D}] => (Allow) LPort=24234 FirewallRules: [{0D5F2FE7-356D-4916-8C69-F7ECAC5301D9}] => (Allow) LPort=7900 FirewallRules: [{0E938144-0257-48B6-844D-8B0235ADAA0F}] => (Allow) LPort=7676 FirewallRules: [{92E0D5CA-86CC-499C-B795-40E4B29DCC93}] => (Allow) LPort=7679 FirewallRules: [{8B1C4D6B-4101-420D-8798-028B3A4927E5}] => (Allow) LPort=8743 FirewallRules: [{54C7721C-85AA-4701-81ED-A892CAFEB562}] => (Allow) LPort=8643 FirewallRules: [{FFCA9587-2D5A-44D9-9C1C-5CD39D66185F}] => (Allow) LPort=1900 FirewallRules: [{1953D17E-8CAC-433A-B154-EEF360212EB4}] => (Allow) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe FirewallRules: [{775C1638-D6B0-4377-9252-1F976958404C}] => (Allow) C:\Program Files\Samsung\SamsungLink\AllShare Framework DMS\bin\AllShareFrameworkDMS.exe FirewallRules: [{3D69841B-5CD7-44BD-966A-0E09FDFAB479}] => (Allow) LPort=1900 FirewallRules: [{75AE5BD3-A798-4FED-938D-7065446B2EA8}] => (Allow) LPort=2869 FirewallRules: [{92F1BD5B-15CD-4DAB-8B16-24475ECF4372}] => (Allow) LPort=16720 FirewallRules: [{97AC2759-BDBB-47AD-94EC-1F7617F8B6D4}] => (Allow) LPort=16720 FirewallRules: [{3917AD3D-1A62-4839-80DB-0C08B8C19457}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe FirewallRules: [{82BE2E8C-EFD8-476B-9DC3-732CECC81218}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe FirewallRules: [{6B1164BD-8F6E-4F21-8FFC-6421731F7368}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C974F1F8-5A2B-4CE1-B794-6E651CE4DBA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AE8F43BB-8BC8-4D20-BAAD-A344068FDA50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{784B750A-0464-45E8-A8AE-50E17DEB2E43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe 
FirewallRules: [TCP Query User{882E0D5A-DAE3-4007-9DD4-83EDB9D6A31E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{86864BB4-42AD-46E1-A3BB-AC0734A5219C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{DF323E62-8CBC-4FB8-B7D6-E6DCE7A7186A}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe FirewallRules: [{86EE5F35-555B-4DC5-B2DB-6A0A899E407C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{8438860A-15EB-4D11-BEA9-B948CB336D5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{E981096B-79E1-43E2-85D4-0AE55B2DEFFF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{F4A29C43-C054-425A-8835-62BEAB871B82}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{5A3E6531-4885-4E1F-AF33-31EABC3858FC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{DEDAEDAE-4077-45F4-9B93-8FA92B5101D9}] => (Allow) E:\002 Softwares\Microsoft Office Professional Plus 2013 (x64)\MTKV252\Microsoft Toolkit.exe FirewallRules: [{F64920CF-FBC0-4049-A500-F1446617FF64}] => (Allow) E:\002 Softwares\Microsoft Office Professional Plus 2013 (x64)\MTKV252\Microsoft Toolkit.exe FirewallRules: [{B5191A32-0C7D-4702-9222-551FC234FB97}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{CAAA3F13-C53D-4C3D-82BA-448A4ED3F605}] => (Allow) C:\Program Files (x86)\Crickets\Harder.exe FirewallRules: [{50616547-851E-486A-AEDF-C890D779FA41}] => (Allow) C:\Program Files (x86)\Caddell\Harder.exe FirewallRules: [{94F31E4B-DE76-4295-AAF9-BE573F92DE3A}] => (Allow) C:\Program Files (x86)\venturer\Sourcing.exe FirewallRules: [{D4EFAFBB-7388-49DA-9D54-36C0ECCD9807}] => (Allow) C:\Program Files (x86)\Caddell\Sourcing.exe FirewallRules: [{2D194E82-03D2-4EED-9D94-FED77284FADE}] => (Allow) C:\Program 
Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/20/2018 09:38:25 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (05/20/2018 09:38:25 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (05/20/2018 09:38:04 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (05/20/2018 09:38:04 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: ) Description: Event-ID 5000 Error: (05/20/2018 08:44:13 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (05/20/2018 08:44:13 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (05/20/2018 08:13:12 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: CommonAgent.exe, version: 1.1.5.3, time stamp: 0x5593d3fb Faulting module name: CommonAgent.exe, version: 1.1.5.3, time stamp: 0x5593d3fb 
Exception code: 0x40000015 Fault offset: 0x00000000001870e5 Faulting process id: 0x2c3c Faulting application start time: 0x01d3f0988003a1e3 Faulting application path: C:\Program Files\Samsung\S Agent\CommonAgent.exe Faulting module path: C:\Program Files\Samsung\S Agent\CommonAgent.exe Report Id: fcf14673-f450-403d-adf9-0a93bd651d8c Faulting package full name: Faulting package-relative application ID: Error: (05/20/2018 08:12:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: SMessage.exe, version: 2.5.0.19, time stamp: 0x54bcb6a0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1524 Faulting application start time: 0x01d3f0985ba8e412 Faulting application path: C:\Program Files (x86)\Samsung\Settings\SMessage.exe Faulting module path: unknown Report Id: 32476568-4a7d-4ad1-8cc2-98592c7bccb6 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (05/20/2018 09:48:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (05/20/2018 09:46:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (05/20/2018 09:44:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (05/20/2018 09:42:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. 
Error: (05/20/2018 09:40:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (05/20/2018 09:38:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (05/20/2018 09:36:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Error: (05/20/2018 09:34:40 PM) (Source: DCOM) (EventID: 10010) (User: MINJUNG) Description: The server {9E175B6D-F52A-11D8-B9A5-505054503030} did not register with DCOM within the required timeout. Windows Defender: =================================== Date: 2018-05-20 01:13:55.122 Description: Windows Defender 바이러스 백신이(가) 맬웨어 또는 기타 사용자 동의 없이 설치된 소프트웨어를 검색했습니다. 자세한 내용은 다음을 참조하십시오.https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Kaymundler.C&threatid=2147709830&enterprise=0 이름: TrojanDropper:Win32/Kaymundler.C ID: 2147709830 심각도: Severe 범주: Trojan Dropper 경로: file:_E:\002 Softwares\Microsoft Office Professional Plus 2013 (x64)\Microsoft Toolkit Final pass 123456\Microsoft Toolkit Final.exe;process:_pid:14296,ProcessStart:131712664587028431;process:_pid:9500,ProcessStart:131712664604609127 검색 원본: 로컬 컴퓨터 검색 유형: 구체적 검색 소스: 시스템 사용자: NT AUTHORITY\SYSTEM 프로세스 이름: Unknown 서명 버전: AV: 1.267.1675.0, AS: 1.267.1675.0, NIS: 1.267.1675.0 엔진 버전: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-20 01:13:55.119 Description: Windows Defender 바이러스 백신이(가) 맬웨어 또는 기타 사용자 동의 없이 설치된 소프트웨어를 검색했습니다. 
자세한 내용은 다음을 참조하십시오.https://go.microsoft.com/fwlink/?linkid=37020&name=SoftwareBundler:Win32/Prepscram&threatid=226289&enterprise=0 이름: SoftwareBundler:Win32/Prepscram ID: 226289 심각도: High 범주: Software Bundler 경로: file:_C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe;process:_pid:9500,ProcessStart:131712664604609127 검색 원본: 로컬 컴퓨터 검색 유형: 구체적 검색 소스: 시스템 사용자: NT AUTHORITY\SYSTEM 프로세스 이름: C:\Program Files (x86)\Microsoft Toolkit Final\Setup activation.exe 서명 버전: AV: 1.267.1675.0, AS: 1.267.1675.0, NIS: 1.267.1675.0 엔진 버전: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-20 01:11:51.509 Description: Windows Defender 바이러스 백신이(가) 맬웨어 또는 기타 사용자 동의 없이 설치된 소프트웨어를 검색했습니다. 자세한 내용은 다음을 참조하십시오.https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Kaymundler.C&threatid=2147709830&enterprise=0 이름: TrojanDropper:Win32/Kaymundler.C ID: 2147709830 심각도: Severe 범주: Trojan Dropper 경로: file:_E:\002 Softwares\Microsoft Office Professional Plus 2013 (x64)\Microsoft Toolkit Final pass 123456\Microsoft Toolkit Final.exe 검색 원본: 로컬 컴퓨터 검색 유형: 구체적 검색 소스: 실시간 보호 사용자: Minjung\Minjung 프로세스 이름: C:\Windows\explorer.exe 서명 버전: AV: 1.267.1675.0, AS: 1.267.1675.0, NIS: 1.267.1675.0 엔진 버전: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-20 01:05:25.357 Description: Windows Defender 바이러스 백신이(가) 맬웨어 또는 기타 사용자 동의 없이 설치된 소프트웨어를 검색했습니다. 자세한 내용은 다음을 참조하십시오.https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Vigorf.A&threatid=2147714397&enterprise=0 이름: HackTool:Win32/Vigorf.A ID: 2147714397 심각도: High 범주: Tool 경로: file:_E:\002 Softwares\Microsoft Office Professional Plus 2013 (x64)\MTKV252\Microsoft Toolkit.exe;process:_pid:13148,ProcessStart:131712661377167842 검색 원본: 로컬 컴퓨터 검색 유형: 빠른 경로 검색 소스: 시스템 사용자: NT AUTHORITY\SYSTEM 프로세스 이름: Unknown 서명 버전: AV: 1.267.1675.0, AS: 1.267.1675.0, NIS: 1.267.1675.0 엔진 버전: AM: 1.1.14800.3, NIS: 1.1.14800.3 Date: 2018-05-20 01:02:47.456 Description: Windows Defender 바이러스 백신이(가) 맬웨어 또는 기타 사용자 동의 없이 설치된 소프트웨어를 검색했습니다. 
자세한 내용은 다음을 참조하십시오.https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Vigorf.A&threatid=2147714397&enterprise=0 이름: HackTool:Win32/Vigorf.A ID: 2147714397 심각도: High 범주: Tool 경로: file:_E:\002 Softwares\Microsoft Office Professional Plus 2013 (x64)\MTKV252\Microsoft Toolkit.exe 검색 원본: 로컬 컴퓨터 검색 유형: 빠른 경로 검색 소스: 시스템 사용자: NT AUTHORITY\SYSTEM 프로세스 이름: Unknown 서명 버전: AV: 1.267.1675.0, AS: 1.267.1675.0, NIS: 0.0.0.0 엔진 버전: AM: 1.1.14800.3, NIS: 0.0.0.0 CodeIntegrity: =================================== Date: 2018-05-20 21:46:04.386 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-20 21:46:04.382 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-20 21:39:41.454 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-20 21:39:41.451 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-20 21:31:04.025 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. 
Date: 2018-05-20 21:31:04.022 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-20 21:28:23.086 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2018-05-20 21:28:23.081 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz Percentage of memory in use: 55% Total physical RAM: 8107.48 MB Available physical RAM: 3600.67 MB Total Virtual: 8711.75 MB Available Virtual: 4721.62 MB ==================== Drives ================================ Drive ? () (Fixed) (Total:94.19 GB) (Free:0.38 GB) NTFS Drive e: (My Passport) (Fixed) (Total:1862.98 GB) (Free:770.16 GB) NTFS \\?\Volume{5654ee3c-ee93-44d1-8729-9678d5199b70}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS \\?\Volume{3a231e92-acb0-4e86-95b1-b4ca6466a8b3}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32 \\?\Volume{317dc396-c600-45ca-b852-af03601e02ae}\ () (Fixed) (Total:0.83 GB) (Free:0.34 GB) NTFS \\?\Volume{f522cb0e-ae79-11e4-8151-d8e42f2ae60c}\ () (Fixed) (Total:0 GB) (Free:0 GB) \\?\Volume{e4ff9d85-5b28-4c0f-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.31 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: 26EA9241) Partition: GPT. 
======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: BE45E652) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
Aura Posted May 21, 2018 ID:1244763
Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located).
Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
Click on the Fix button.
On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad.
Copy and paste its content in your next reply.
fixlist.txt
espingla Posted May 21, 2018 Author ID:1244768
Here's the fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01 Ran by Minjung (20-05-2018 22:54:32) Run:2 Running from C:\Users\Minjung\Desktop Loaded Profiles: Minjung (Available Profiles: Minjung) Boot Mode: Normal ============================================== fixlist content: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\Run: [Grandiloquent] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKLM\...\Run: [Lawry] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKLM\...\Run: [Monkeys] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKLM-x32\...\Run: [Brasher] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKLM-x32\...\Run: [Charges] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKLM-x32\...\Run: [Charlie] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Newsgroups] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Migratory] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Shipment] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Bannockburn] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Front] => "C:\Program Files (x86)\venturer\Sourcing.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [Gammell] => "C:\Program Files (x86)\Caddell\Harder.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [nco] => "C:\Program Files (x86)\sonnet\nco.exe" rnfanvlu HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\Run: [stephane] => "C:\Program Files
(x86)\Crickets\Harder.exe" rnfanvlu Startup: C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\balletic.lnk [2018-05-20] ShortcutTarget: balletic.lnk -> C:\Program Files (x86)\Crickets\Harder.exe (No File) Startup: C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\balleticballetic.lnk [2018-05-20] ShortcutTarget: balleticballetic.lnk -> C:\Program Files (x86)\venturer\Sourcing.exe (No File) CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION CHR HomePage: Default -> hxxps://search.yahoo.com/?type=502468&fr=yo-yhp-ch S4 npvcroag; System32\drivers\avrougke.sys [X] Task: {077DC0E1-199C-455A-A128-6F67AB9EFD5B} - System32\Tasks\vitiello => C:\Program Files (x86)\Crickets\Harder.exe Task: {1A970C7F-099E-4F7F-9BB9-BD23E8846154} - System32\Tasks\{7CD35283-D035-4165-B7D0-D80B6183720F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}\setup.exe" -c -runfromtemp -l0x0009 -removeonly Task: {26B3EDEB-A52A-41C2-94C0-8C537761BB86} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {2A0959C2-9C1A-49C4-9EDC-D3AAF5DC3C82} - System32\Tasks\opa maliciously => C:\Program Files (x86)\Caddell\Sourcing.exe Task: {398E2108-6617-44B0-A813-19D8B80EC708} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {4B0A26EB-8FD5-4201-B12A-2BCC97730D32} - System32\Tasks\kickback-crossbars => C:\Program Files (x86)\venturer\Sourcing.exe Task: {622E2283-D8A6-4D77-BB08-54353694DD79} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {62483C4B-1FF3-4464-95C8-2FBB1EBB0837} - System32\Tasks\stenographersstenographers => C:\Program Files (x86)\Speared\perpetrators.exe Task: {6307C08B-1DE5-4424-BB44-9C1C40341B5B} - System32\Tasks\stenographers => C:\Program Files (x86)\Speared\perpetrators.exe Task: {78A4FDF8-CA14-41B4-B854-7D5DC528983E} - 
System32\Tasks\roofingroofing => C:\Program Files (x86)\orchestrating\orchestrating.exe Task: {8EC13320-5E5D-433D-94AF-8971B4A2B43D} - System32\Tasks\roofing => C:\Program Files (x86)\orchestrating\orchestrating.exe Task: {9AE372F3-A698-4814-B7A2-7CDDF18AB54E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {A69005CE-DF77-4023-B13B-FFD71C831F3C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {A82FF94E-6A43-44E2-A48D-E359FE5C916E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {AC89C6D0-12CA-4C5A-B114-A9D0877FABAC} - System32\Tasks\{749EA34A-4BD8-478C-822F-5431F8C853ED} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\Installer\setup.exe" -c --uninstall --system-level Task: {B0FCEF6E-EAD2-4B4C-B0CD-C1EDFC14C1AC} - System32\Tasks\opa maliciouslyopa maliciously => C:\Program Files (x86)\Caddell\Sourcing.exe Task: {B1F73E1F-B6E3-4D29-8A04-EE9742AB5D99} - System32\Tasks\vitiellovitiello => C:\Program Files (x86)\Crickets\Harder.exe Task: {BA763A07-7316-4029-9FFF-16D231FE980D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {BE04162A-DB3B-42D1-8CE8-A46203957001} - System32\Tasks\billowed_whale => C:\Program Files (x86)\Caddell\Harder.exe Task: {BFF48FD9-06CF-4577-83A8-4BBBABE0956C} - System32\Tasks\billowed_whalebillowed_whale => C:\Program Files (x86)\Caddell\Harder.exe Task: {DBD1D33F-E37A-472C-A7D1-0A297F8C9620} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {E1A8FA3E-09F0-4126-A8D7-7E648360F5E0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {E4414BB0-1DB3-4AF8-9A48-4F15C3341100} - System32\Tasks\kickback-crossbarskickback-crossbars => C:\Program Files (x86)\venturer\Sourcing.exe Task: {E859830F-C5EB-48BE-9619-F8E91EF1D4A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No 
File <==== ATTENTION Task: {F49B9BF8-A39F-4041-A943-D5A3AAEA3AEB} - \Norton WSC Integration -> No File <==== ATTENTION Task: {FC12CD3A-55BD-43A1-B182-35D4BEA8A867} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION HKLM\...\StartupApproved\Run: => "Monkeys" HKLM\...\StartupApproved\Run: => "Grandiloquent" HKLM\...\StartupApproved\Run: => "Lawry" HKLM\...\StartupApproved\Run32: => "Charlie" HKLM\...\StartupApproved\Run32: => "Brasher" HKLM\...\StartupApproved\Run32: => "Charges" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\StartupFolder: => "balleticballetic.lnk" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "stephane" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Gammell" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Bannockburn" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Shipment" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Newsgroups" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "hiakbk" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Front" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "Migratory" HKU\S-1-5-21-366476898-4255595637-1063196365-1001\...\StartupApproved\Run: => "nco" FirewallRules: [{CAAA3F13-C53D-4C3D-82BA-448A4ED3F605}] => (Allow) C:\Program Files (x86)\Crickets\Harder.exe FirewallRules: [{50616547-851E-486A-AEDF-C890D779FA41}] => (Allow) C:\Program Files (x86)\Caddell\Harder.exe FirewallRules: [{94F31E4B-DE76-4295-AAF9-BE573F92DE3A}] => (Allow) C:\Program Files (x86)\venturer\Sourcing.exe FirewallRules: [{D4EFAFBB-7388-49DA-9D54-36C0ECCD9807}] => (Allow) C:\Program Files (x86)\Caddell\Sourcing.exe C:\fhioq822ebnx98b C:\Program Files (x86)\Crickets C:\Program Files (x86)\Caddell C:\Program Files (x86)\venturer C:\Program Files (x86)\Caddell 
C:\ProgramData\ntuser.pol C:\Users\Minjung\AppData\Local\mbolpre C:\Users\Minjung\AppData\Local\msaolwk C:\Users\Minjung\AppData\Local\wdenmkx C:\Users\Minjung\AppData\Local\zadxhlv C:\Users\Minjung\AppData\Local\comskue C:\Users\Minjung\AppData\Local\exbgasi C:\Users\Minjung\AppData\Local\msdgtcw C:\Users\Minjung\AppData\Local\pwsingz C:\Users\Minjung\AppData\Local\schtbdk C:\Users\Minjung\AppData\Local\lmhxakt C:\Users\Minjung\AppData\Local\cgrmiew C:\Users\Minjung\AppData\Local\pcogutx C:\Users\Minjung\AppData\Local\wmcagent C:\Users\Minjung\AppData\Local\vsmknbe C:\Users\Minjung\AppData\Local\dsbhcez C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl C:\Users\Minjung\AppData\Roaming\et C:\WINDOWS\b47064577 C:\WINDOWS\spdysrybqdrzztls.spdy C:\WINDOWS\paint.exe C:\WINDOWS\uninstaller.dat C:\WINDOWS\system32\vdeaoczsvc.exe C:\WINDOWS\system32\rarmcou C:\WINDOWS\SysWOW64\rarmcou EmptyTemp: ***************** Processes closed successfully. Error: (0) Failed to create a restore point. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Grandiloquent" => removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Lawry" => removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Monkeys" => removed successfully HKLM-x32\...\Run: [Brasher] => "C:\Program Files (x86)\Crickets\Harder.exe" rnfanvlu => Error: No automatic fix found for this entry. 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Charges" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Charlie" => removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Newsgroups" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Migratory" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Shipment" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bannockburn" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Front" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Gammell" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\nco" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\Software\Microsoft\Windows\CurrentVersion\Run\\stephane" => removed successfully C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\balletic.lnk => moved successfully "C:\Program Files (x86)\Crickets\Harder.exe" => not found C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\balleticballetic.lnk => moved successfully "C:\Program Files (x86)\venturer\Sourcing.exe" => not found "HKLM\SOFTWARE\Policies\Google" => removed successfully "Chrome HomePage" => removed successfully "HKLM\System\CurrentControlSet\Services\npvcroag" => removed successfully npvcroag => service removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Logon\{077DC0E1-199C-455A-A128-6F67AB9EFD5B}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077DC0E1-199C-455A-A128-6F67AB9EFD5B}" => removed successfully C:\WINDOWS\System32\Tasks\vitiello => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vitiello" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A970C7F-099E-4F7F-9BB9-BD23E8846154}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A970C7F-099E-4F7F-9BB9-BD23E8846154}" => removed successfully C:\WINDOWS\System32\Tasks\{7CD35283-D035-4165-B7D0-D80B6183720F} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7CD35283-D035-4165-B7D0-D80B6183720F}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26B3EDEB-A52A-41C2-94C0-8C537761BB86}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26B3EDEB-A52A-41C2-94C0-8C537761BB86}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A0959C2-9C1A-49C4-9EDC-D3AAF5DC3C82}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A0959C2-9C1A-49C4-9EDC-D3AAF5DC3C82}" => removed successfully C:\WINDOWS\System32\Tasks\opa maliciously => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\opa maliciously" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{398E2108-6617-44B0-A813-19D8B80EC708}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{398E2108-6617-44B0-A813-19D8B80EC708}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4B0A26EB-8FD5-4201-B12A-2BCC97730D32}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B0A26EB-8FD5-4201-B12A-2BCC97730D32}" => removed successfully C:\WINDOWS\System32\Tasks\kickback-crossbars => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kickback-crossbars" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{622E2283-D8A6-4D77-BB08-54353694DD79}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{622E2283-D8A6-4D77-BB08-54353694DD79}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62483C4B-1FF3-4464-95C8-2FBB1EBB0837} => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62483C4B-1FF3-4464-95C8-2FBB1EBB0837} => not found "C:\WINDOWS\System32\Tasks\stenographersstenographers" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\stenographersstenographers" => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6307C08B-1DE5-4424-BB44-9C1C40341B5B} => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6307C08B-1DE5-4424-BB44-9C1C40341B5B} => not found "C:\WINDOWS\System32\Tasks\stenographers" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\stenographers" => not 
found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78A4FDF8-CA14-41B4-B854-7D5DC528983E}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A4FDF8-CA14-41B4-B854-7D5DC528983E}" => removed successfully C:\WINDOWS\System32\Tasks\roofingroofing => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\roofingroofing" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8EC13320-5E5D-433D-94AF-8971B4A2B43D}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EC13320-5E5D-433D-94AF-8971B4A2B43D}" => removed successfully C:\WINDOWS\System32\Tasks\roofing => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\roofing" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AE372F3-A698-4814-B7A2-7CDDF18AB54E} => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE372F3-A698-4814-B7A2-7CDDF18AB54E} => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A69005CE-DF77-4023-B13B-FFD71C831F3C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A69005CE-DF77-4023-B13B-FFD71C831F3C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A82FF94E-6A43-44E2-A48D-E359FE5C916E} => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A82FF94E-6A43-44E2-A48D-E359FE5C916E} => not found 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC89C6D0-12CA-4C5A-B114-A9D0877FABAC}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC89C6D0-12CA-4C5A-B114-A9D0877FABAC}" => removed successfully C:\WINDOWS\System32\Tasks\{749EA34A-4BD8-478C-822F-5431F8C853ED} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{749EA34A-4BD8-478C-822F-5431F8C853ED}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0FCEF6E-EAD2-4B4C-B0CD-C1EDFC14C1AC}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0FCEF6E-EAD2-4B4C-B0CD-C1EDFC14C1AC}" => removed successfully C:\WINDOWS\System32\Tasks\opa maliciouslyopa maliciously => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\opa maliciouslyopa maliciously" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1F73E1F-B6E3-4D29-8A04-EE9742AB5D99}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1F73E1F-B6E3-4D29-8A04-EE9742AB5D99}" => removed successfully C:\WINDOWS\System32\Tasks\vitiellovitiello => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\vitiellovitiello" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA763A07-7316-4029-9FFF-16D231FE980D}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA763A07-7316-4029-9FFF-16D231FE980D}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE04162A-DB3B-42D1-8CE8-A46203957001} => not found HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE04162A-DB3B-42D1-8CE8-A46203957001} => not found "C:\WINDOWS\System32\Tasks\billowed_whale" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\billowed_whale" => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFF48FD9-06CF-4577-83A8-4BBBABE0956C}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFF48FD9-06CF-4577-83A8-4BBBABE0956C}" => removed successfully C:\WINDOWS\System32\Tasks\billowed_whalebillowed_whale => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\billowed_whalebillowed_whale" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBD1D33F-E37A-472C-A7D1-0A297F8C9620}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBD1D33F-E37A-472C-A7D1-0A297F8C9620}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1A8FA3E-09F0-4126-A8D7-7E648360F5E0}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1A8FA3E-09F0-4126-A8D7-7E648360F5E0}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4414BB0-1DB3-4AF8-9A48-4F15C3341100}" => 
removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4414BB0-1DB3-4AF8-9A48-4F15C3341100}" => removed successfully C:\WINDOWS\System32\Tasks\kickback-crossbarskickback-crossbars => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kickback-crossbarskickback-crossbars" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E859830F-C5EB-48BE-9619-F8E91EF1D4A1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E859830F-C5EB-48BE-9619-F8E91EF1D4A1}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F49B9BF8-A39F-4041-A943-D5A3AAEA3AEB}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F49B9BF8-A39F-4041-A943-D5A3AAEA3AEB}" => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => not found "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC12CD3A-55BD-43A1-B182-35D4BEA8A867}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC12CD3A-55BD-43A1-B182-35D4BEA8A867}" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Monkeys" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Monkeys" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Grandiloquent" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Grandiloquent" => 
not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Lawry" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lawry" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Charlie" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Charlie" => not found "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Brasher" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Brasher" => removed successfully "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Charges" => removed successfully "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Charges" => not found "C:\Users\Minjung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\balleticballetic.lnk" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\balleticballetic.lnk" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\stephane" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\stephane" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Gammell" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Gammell" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Bannockburn" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Bannockburn" => not found 
"HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Shipment" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Shipment" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Newsgroups" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Newsgroups" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\hiakbk" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\hiakbk" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Front" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Front" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Migratory" => removed successfully "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Migratory" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\nco" => not found "HKU\S-1-5-21-366476898-4255595637-1063196365-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nco" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAAA3F13-C53D-4C3D-82BA-448A4ED3F605}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50616547-851E-486A-AEDF-C890D779FA41}" => removed successfully 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94F31E4B-DE76-4295-AAF9-BE573F92DE3A}" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D4EFAFBB-7388-49DA-9D54-36C0ECCD9807}" => removed successfully C:\fhioq822ebnx98b => moved successfully "C:\Program Files (x86)\Crickets" => not found "C:\Program Files (x86)\Caddell" => not found "C:\Program Files (x86)\venturer" => not found "C:\Program Files (x86)\Caddell" => not found C:\ProgramData\ntuser.pol => moved successfully C:\Users\Minjung\AppData\Local\mbolpre => moved successfully C:\Users\Minjung\AppData\Local\msaolwk => moved successfully C:\Users\Minjung\AppData\Local\wdenmkx => moved successfully C:\Users\Minjung\AppData\Local\zadxhlv => moved successfully C:\Users\Minjung\AppData\Local\comskue => moved successfully C:\Users\Minjung\AppData\Local\exbgasi => moved successfully C:\Users\Minjung\AppData\Local\msdgtcw => moved successfully C:\Users\Minjung\AppData\Local\pwsingz => moved successfully C:\Users\Minjung\AppData\Local\schtbdk => moved successfully C:\Users\Minjung\AppData\Local\lmhxakt => moved successfully C:\Users\Minjung\AppData\Local\cgrmiew => moved successfully C:\Users\Minjung\AppData\Local\pcogutx => moved successfully C:\Users\Minjung\AppData\Local\wmcagent => moved successfully C:\Users\Minjung\AppData\Local\vsmknbe => moved successfully C:\Users\Minjung\AppData\Local\dsbhcez => moved successfully C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio => moved successfully "C:\Users\Minjung\AppData\Local\Google\Chrome\User Data\Default\Extensions\opalpjjboefohnelaemnhdhlceibbcgl" => not found C:\Users\Minjung\AppData\Roaming\et => moved successfully C:\WINDOWS\b47064577 => moved successfully C:\WINDOWS\spdysrybqdrzztls.spdy => moved successfully C:\WINDOWS\paint.exe => moved successfully C:\WINDOWS\uninstaller.dat => moved 
successfully C:\WINDOWS\system32\vdeaoczsvc.exe => moved successfully C:\WINDOWS\system32\rarmcou => moved successfully "C:\WINDOWS\SysWOW64\rarmcou" => not found =========== EmptyTemp: ========== BITS transfer queue => 11034624 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23652420 B Java, Flash, Steam htmlcache => 3238 B Windows/system/drivers => 20325162 B Edge => 4002743 B Chrome => 67145616 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 1536 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 17222 B NetworkService => 104418 B Minjung => 71446548 B RecycleBin => 0 B EmptyTemp: => 188.6 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 22:55:15 ==== Link to post Share on other sites More sharing options...
Aura Posted May 21, 2018 ID:1244769 Good. How's your system behaving now? Were there any other issues to address?
espingla Posted May 21, 2018 Author ID:1244770 Looking pretty normal to me! Although, whenever I reboot the system it still shows this weird message saying "scanning and repairing drive ...", which started appearing when it got infected. Would you say this is still ok?
Aura Posted May 21, 2018 ID:1244877 Does the scan complete (gets to 100%), or do you cancel it midway?
espingla Posted May 21, 2018 Author ID:1244964 It completes very quickly (within a minute or so). Something else that started with the infection but is still persistent is that File Explorer (so basically whenever I open any folder) hangs for an infinite amount of time so that I can’t browse any files really. File Explorer only works for the first 5-10 minutes after startup and then it does that repeatedly. Same for the control panel.
Aura Posted May 21, 2018 ID:1245027 Can you tell me which volume is being scanned and repaired on startup?
\\?\Volume{5654ee3c-ee93-44d1-8729-9678d5199b70}\
\\?\Volume{3a231e92-acb0-4e86-95b1-b4ca6466a8b3}\
\\?\Volume{317dc396-c600-45ca-b852-af03601e02ae}\
\\?\Volume{f522cb0e-ae79-11e4-8151-d8e42f2ae60c}\
\\?\Volume{e4ff9d85-5b28-4c0f-4173-636c65706975}\
espingla Posted May 22, 2018 Author ID:1245161 It's \\?\Volume{f522cb0e-ae79-11e4-8151-d8e42f2ae60c}\
Aura Posted May 22, 2018 ID:1245234 Alright, open a command prompt with Admin Rights, and enter the command below. Then, copy/paste the output here.
fsutil dirty query "\\?\Volume{f522cb0e-ae79-11e4-8151-d8e42f2ae60c}\"
espingla Posted May 23, 2018 Author ID:1245470 Sorry, all I am getting is this (see attached screenshot):