Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by Георгий (administrator) on MSI (04-06-2018 17:51:54)
Running from D:\
Loaded Profiles: Георгий (Available Profiles: Георгий)
Platform: Windows 10 Home Single Language Version 1709 16299.431 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) D:\2 - programs\EAV\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
(Alcohol Soft Development Team) D:\2 - programs\Alcohol\Alcohol 120\AxAHCIServiceEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(LogMeIn Inc.) C:\Program Files (x86)\Common Files\Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\Common Files\Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\Common Files\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) C:\Program Files (x86)\Common Files\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESET) D:\2 - programs\EAV\egui.exe
(Valve Corporation) D:\6 - steam\Steam.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Valve Corporation) D:\6 - steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\6 - steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\6 - steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) D:\6 - steam\bin\cef\cef.win7\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera_crashreporter.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe
(Opera Software) D:\2 - programs\Opera\53.0.2907.68\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-10] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] ()
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [5838120 2017-05-20] (Portrait Displays, Inc.)
HKLM\...\Run: [egui] => D:\2 - programs\EAV\ecmds.exe [324352 2017-12-18] (ESET)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-11-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\Common Files\Hamachi\hamachi-2-ui.exe [5885352 2018-05-30] (LogMeIn Inc.)
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\Run: [Steam] => D:\6 - steam\steam.exe [3200800 2018-06-01] (Valve Corporation)
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\Run: [Gaijin.Net Agent] => C:\Users\Георгий\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2268232 2017-10-15] (Gaijin Entertainment)
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\...\Run: [AlcoholAutomount] => D:\2 - programs\Alcohol\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-04-08]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2017-06-29] ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2017-06-29] ()
Startup: C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Create virtual drive for Denwer.lnk [2018-05-16]
ShortcutTarget: Create virtual drive for Denwer.lnk -> C:\WebServers\denwer\Boot.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ca55a78-b7f1-4d16-9b7e-25a233b68e87}: [NameServer] 178.17.170.179,52.174.55.168
Tcpip\..\Interfaces\{6ca55a78-b7f1-4d16-9b7e-25a233b68e87}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ffd347ec-80aa-41d9-b096-2101c2517442}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-1460541748-495540164-1647599008-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-1460541748-495540164-1647599008-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
SearchScopes: HKU\S-1-5-21-1460541748-495540164-1647599008-1001 -> {805135A9-E98A-44B9-A96B-4B2D9D2D9B6F} URL =
SearchScopes: HKU\S-1-5-21-1460541748-495540164-1647599008-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2233627
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\2 - programs\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> D:\2 - programs\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Common Files\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Common Files\DESIGNER\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (HD Video Downloader) - C:\Users\Георгий\AppData\Roaming\Opera Software\Opera Stable\Extensions\gacckcgfmoapndlfjdjiffiblljijhep [2017-11-11]
OPR Extension: (gera2ld) - C:\Users\Георгий\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2018-01-13]
OPR Extension: (SaveFrom.net помощник) - C:\Users\Георгий\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2018-05-16]
OPR Extension: (Adblock Plus) - C:\Users\Георгий\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2018-05-16]
StartMenuInternet: (HKLM) OperaStable - D:\2 - programs\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Windows (R) Win 7 DDK provider)
S2 AxAutoMntSrv; D:\2 - programs\Alcohol\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
R2 AxVirtualAHCISrv; D:\2 - programs\Alcohol\Alcohol 120\AxAHCIServiceEx.exe [99712 2015-12-04] (Alcohol Soft Development Team)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2017-12-20] ()
R2 ekrn; D:\2 - programs\EAV\ekrn.exe [1940584 2017-12-18] (ESET)
R2 Hamachi2Svc; C:\Program Files (x86)\Common Files\Hamachi\x64\hamachi-2.exe [3346856 2018-05-30] (LogMeIn Inc.)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-13] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-06-10] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-25] (Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-25] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel Corporation)
S2 MBAMService; D:\2 - programs\malware\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2017-06-08] (Micro-Star International Co., Ltd.) [File not signed]
S3 mracsvc; C:\Windows\System32\mracsvc.exe [8010968 2018-01-21] (LLC Mail.Ru)
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [192296 2017-05-20] (Portrait Displays, Inc.)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [61880 2017-08-28] (Micro-Star INT'L CO., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [270424 2017-05-09] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-26] (Apple Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
R3 dtscsibus; C:\WINDOWS\system32\DRIVERS\dtscsibus.sys [29696 2018-03-30] (Disc Soft Ltd)
R3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [164560 2017-05-18] (Qualcomm Atheros, Inc.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [134368 2018-01-19] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-02-20] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2018-01-19] (ESET)
S1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [106304 2018-01-19] (ESET)
R1 epfwwfpr; C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys [77736 2017-09-25] (ESET)
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70632 2017-06-13] (Intel Corporation)
S3 mracdrv; C:\WINDOWS\System32\drivers\mracdrv.sys [7238880 2018-01-21] (LLC Mail.Ru)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmi.inf_amd64_26ff922a063817cd\nvlddmkm.sys [14456944 2017-06-29] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-06-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [49208 2017-06-29] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-06-29] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2017-06-29] (Realsil Semiconductor Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64088 2017-05-09] (Synaptics Incorporated)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2018-03-30] (Duplex Secure Ltd)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-15] ()
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [47944 2018-01-17] (SteelSeries ApS)
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [38656 2017-12-15] ()
S3 TriDefSmartCam; C:\WINDOWS\system32\DRIVERS\TriDefSmartCam.sys [48304 2017-02-20] (DDD Group Plc.)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [211704 2017-11-22] (Oracle Corporation)
U5 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [144632 2017-11-22] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 17:51 - 2018-06-04 17:51 - 000000000 ____D C:\FRST
2018-05-31 15:15 - 2018-06-03 12:53 - 000000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2018-05-31 15:15 - 2018-06-03 12:53 - 000000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2018-05-31 15:15 - 2018-05-31 15:15 - 000000000 ____D C:\Users\Все пользователи\Malwarebytes
2018-05-31 15:15 - 2018-05-31 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-31 15:15 - 2018-05-31 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2018-05-31 15:15 - 2018-05-31 15:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-31 15:15 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-31 15:06 - 2018-05-31 15:06 - 000000000 ____D C:\WINDOWS\ABR
2018-05-26 18:07 - 2018-05-26 18:08 - 000000000 ____D C:\Users\Георгий\AppData\Roaming\ProcessLasso
2018-05-20 23:57 - 2018-05-20 23:57 - 000000000 ____D C:\WINDOWS\Panther
2018-05-20 23:29 - 2018-05-20 23:29 - 000000000 ____D C:\rsit
2018-05-20 23:29 - 2018-05-20 23:29 - 000000000 ____D C:\Program Files\trend micro
2018-05-20 23:11 - 2018-05-20 23:24 - 000000000 ____D C:\AdwCleaner
2018-05-20 23:06 - 2018-05-20 23:06 - 000000000 ____D C:\SecurityCheck
2018-05-13 00:05 - 2018-05-13 00:05 - 000000000 ____D C:\Program Files\Synaptics
2018-05-13 00:05 - 2017-05-09 18:47 - 000803928 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2018-05-13 00:05 - 2017-05-09 18:47 - 000279128 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2018-05-13 00:05 - 2017-05-09 18:47 - 000064088 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2018-05-13 00:05 - 2017-05-09 18:46 - 000931416 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2018-05-13 00:05 - 2014-01-30 18:17 - 001795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2018-05-12 22:35 - 2018-05-31 15:08 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
- 2018-05-03 08:52 - 003662848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-05-09 15:21 - 2018-05-03 08:52 - 000664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2018-05-09 15:21 - 2018-05-03 08:52 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2018-05-09 15:21 - 2018-05-03 08:51 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-05-09 15:21 - 2018-05-03 08:51 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-05-09 15:21 - 2018-05-03 08:50 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2018-05-09 15:21 - 2018-05-03 08:50 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-05-09 15:21 - 2018-05-03 08:49 - 003430400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2018-05-09 15:21 - 2018-05-03 08:48 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2018-05-09 15:21 - 2018-05-03 08:48 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2018-05-09 15:21 - 2018-05-03 08:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2018-05-09 15:21 - 2018-05-03 08:47 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll 2018-05-09 15:21 - 2018-04-16 01:07 - 001463344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2018-05-09 15:21 - 2018-04-16 01:04 - 000779952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2018-05-09 15:21 - 2018-04-16 01:03 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2018-05-09 15:21 - 2018-04-16 00:57 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2018-05-09 15:21 - 2018-04-16 00:51 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2018-05-09 15:21 - 2018-04-16 00:50 - 001925760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 
2018-05-09 15:21 - 2018-04-16 00:49 - 001954056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2018-05-09 15:21 - 2018-04-16 00:49 - 000563632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll 2018-05-09 15:21 - 2018-04-16 00:49 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2018-05-09 15:21 - 2018-04-16 00:48 - 005859248 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2018-05-09 15:21 - 2018-04-16 00:48 - 001638424 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2018-05-09 15:21 - 2018-04-16 00:47 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2018-05-09 15:21 - 2018-04-16 00:38 - 003180720 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2018-05-09 15:21 - 2018-04-16 00:38 - 000979360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2018-05-09 15:21 - 2018-04-16 00:34 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2018-05-09 15:21 - 2018-04-16 00:33 - 001269616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2018-05-09 15:21 - 2018-04-16 00:33 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-05-09 15:21 - 2018-04-16 00:32 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2018-05-09 15:21 - 2018-04-16 00:32 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2018-05-09 15:21 - 2018-04-16 00:30 - 002268024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2018-05-09 15:21 - 2018-04-16 00:29 - 001873944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2018-05-09 15:21 - 2018-04-16 00:29 - 001779936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2018-05-09 15:21 - 2018-04-16 00:29 - 000198440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe 2018-05-09 15:21 - 2018-04-16 00:28 - 000688064 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\AppXDeploymentClient.dll 2018-05-09 15:21 - 2018-04-16 00:26 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-05-09 15:21 - 2018-04-16 00:26 - 002711176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2018-05-09 15:21 - 2018-04-16 00:26 - 001506200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2018-05-09 15:21 - 2018-04-16 00:25 - 001430768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2018-05-09 15:21 - 2018-04-16 00:25 - 000661920 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2018-05-09 15:21 - 2018-04-16 00:25 - 000327008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll 2018-05-09 15:21 - 2018-04-16 00:25 - 000092032 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe 2018-05-09 15:21 - 2018-04-16 00:24 - 000063656 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2018-05-09 15:21 - 2018-04-16 00:23 - 001101208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2018-05-09 15:21 - 2018-04-15 23:47 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2018-05-09 15:21 - 2018-04-15 23:47 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2018-05-09 15:21 - 2018-04-15 23:47 - 001490856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2018-05-09 15:21 - 2018-04-15 23:47 - 001433360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2018-05-09 15:21 - 2018-04-15 23:47 - 001323336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2018-05-09 15:21 - 2018-04-15 23:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2018-05-09 15:21 - 2018-04-15 23:47 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2018-05-09 15:21 - 2018-04-15 23:38 - 003485392 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\explorer.exe 2018-05-09 15:21 - 2018-04-15 23:38 - 001123464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2018-05-09 15:21 - 2018-04-15 23:38 - 000444280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll 2018-05-09 15:21 - 2018-04-15 23:37 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2018-05-09 15:21 - 2018-04-15 23:36 - 002386832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2018-05-09 15:21 - 2018-04-15 23:36 - 001575896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2018-05-09 15:21 - 2018-04-15 23:36 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2018-05-09 15:21 - 2018-04-15 23:36 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2018-05-09 15:21 - 2018-04-15 23:35 - 002462704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2018-05-09 15:21 - 2018-04-15 23:34 - 006482664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-05-09 15:21 - 2018-04-15 23:34 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2018-05-09 15:21 - 2018-04-15 23:34 - 001456104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2018-05-09 15:21 - 2018-04-15 23:34 - 001017048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2018-05-09 15:21 - 2018-04-15 23:34 - 000572312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2018-05-09 15:21 - 2018-04-15 23:34 - 000279472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll 2018-05-09 15:21 - 2018-04-15 23:34 - 000166408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe 2018-05-09 15:21 - 2018-04-15 23:34 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe 2018-05-09 15:21 - 2018-04-15 23:34 - 000052248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2018-05-09 
15:21 - 2018-04-15 23:16 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll 2018-05-09 15:21 - 2018-04-15 23:15 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll 2018-05-09 15:21 - 2018-04-15 23:15 - 000674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockController.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll 2018-05-09 15:21 - 2018-04-15 23:14 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll 2018-05-09 15:21 - 2018-04-15 23:13 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2018-05-09 15:21 - 2018-04-15 23:13 - 000084992 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2018-05-09 15:21 - 2018-04-15 23:12 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2018-05-09 15:21 - 2018-04-15 23:12 - 013704704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2018-05-09 15:21 - 2018-04-15 23:12 - 000169472 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2018-05-09 15:21 - 2018-04-15 23:12 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2018-05-09 15:21 - 2018-04-15 23:12 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll 2018-05-09 15:21 - 2018-04-15 23:11 - 000531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2018-05-09 15:21 - 2018-04-15 23:11 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll 2018-05-09 15:21 - 2018-04-15 23:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2018-05-09 15:21 - 2018-04-15 23:11 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2018-05-09 15:21 - 2018-04-15 23:11 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2018-05-09 15:21 - 2018-04-15 23:11 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2018-05-09 15:21 - 2018-04-15 23:11 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 001576960 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000571904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2018-05-09 15:21 - 2018-04-15 23:10 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000225280 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\credprovs.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MicrosoftAccountWAMExtension.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000192000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2018-05-09 15:21 - 2018-04-15 23:10 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2018-05-09 15:21 - 2018-04-15 23:09 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll 2018-05-09 15:21 - 2018-04-15 23:09 - 000408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2018-05-09 15:21 - 2018-04-15 23:09 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll 2018-05-09 15:21 - 2018-04-15 23:09 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2018-05-09 15:21 - 2018-04-15 23:09 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2018-05-09 15:21 - 2018-04-15 23:09 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2018-05-09 15:21 - 2018-04-15 23:08 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000583680 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.CloudStore.Schema.Shell.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000448000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll 2018-05-09 15:21 - 2018-04-15 23:08 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 012689920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000837632 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000406016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2018-05-09 15:21 - 2018-04-15 23:07 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 
000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll 2018-05-09 15:21 - 2018-04-15 23:07 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 013660672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 011924480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2018-05-09 15:21 - 2018-04-15 23:06 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2018-05-09 15:21 - 2018-04-15 23:06 - 000139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll 2018-05-09 15:21 - 2018-04-15 23:05 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2018-05-09 15:21 - 2018-04-15 23:05 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2018-05-09 15:21 - 2018-04-15 23:05 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll 2018-05-09 15:21 - 2018-04-15 23:05 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2018-05-09 15:21 - 2018-04-15 23:05 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2018-05-09 15:21 - 2018-04-15 23:05 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll 2018-05-09 15:21 - 2018-04-15 23:05 - 000324608 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2018-05-09 15:21 - 2018-04-15 23:04 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 002523136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 001236480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000997376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2018-05-09 15:21 - 2018-04-15 23:04 - 000976896 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2018-05-09 15:21 - 2018-04-15 23:04 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll 2018-05-09 15:21 - 
2018-04-15 23:04 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll 2018-05-09 15:21 - 2018-04-15 23:04 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 004248064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 003177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 001224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000920064 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2018-05-09 15:21 - 2018-04-15 23:03 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2018-05-09 15:21 - 2018-04-15 23:03 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000697344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll 2018-05-09 15:21 - 2018-04-15 23:03 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll 2018-05-09 15:21 - 2018-04-15 23:02 - 004814336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2018-05-09 15:21 - 2018-04-15 23:02 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2018-05-09 15:21 - 2018-04-15 23:02 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2018-05-09 15:21 - 2018-04-15 23:02 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2018-05-09 15:21 - 2018-04-15 23:02 - 000440832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll 2018-05-09 15:21 - 2018-04-15 23:01 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 
2018-05-09 15:21 - 2018-04-15 23:01 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll 2018-05-09 15:21 - 2018-04-15 23:01 - 000518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2018-05-09 15:21 - 2018-04-15 23:01 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll 2018-05-09 15:21 - 2018-04-15 23:01 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll 2018-05-09 15:21 - 2018-04-15 23:01 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe 2018-05-09 15:21 - 2018-04-15 23:00 - 002223616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2018-05-09 15:21 - 2018-04-15 23:00 - 000682496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2018-05-09 15:21 - 2018-04-15 23:00 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2018-05-09 15:21 - 2018-04-15 23:00 - 000252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll 2018-05-09 15:21 - 2018-04-15 23:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe 2018-05-09 15:21 - 2018-04-15 22:59 - 
001332736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2018-05-09 15:21 - 2018-04-15 22:59 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-05-09 15:21 - 2018-04-15 22:58 - 001472000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2018-05-09 15:21 - 2018-04-15 22:58 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-05-09 15:21 - 2017-11-26 16:26 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 17:49 - 2018-02-20 02:42 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-04 17:24 - 2018-02-20 02:49 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C284AE83-1A6F-4C19-AE80-B7AA67B4A9B9}
2018-06-04 17:23 - 2017-06-29 22:21 - 000000000 ____D C:\Users\Все пользователи\NVIDIA
2018-06-04 17:23 - 2017-06-29 22:21 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-04 17:20 - 2017-11-10 16:34 - 000000000 __SHD C:\Users\Георгий\IntelGraphicsProfiles
2018-05-31 15:16 - 2018-02-20 02:54 - 002522644 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-31 15:16 - 2017-09-30 17:35 - 001164000 _____ C:\WINDOWS\system32\perfh019.dat
2018-05-31 15:16 - 2017-09-30 17:35 - 000267002 _____ C:\WINDOWS\system32\perfc019.dat
2018-05-31 15:15 - 2017-09-29 16:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-31 15:12 - 2018-02-20 02:49 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-31 15:11 - 2017-09-29 11:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-24 22:52 - 2018-02-20 02:49 - 000003966 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1510324497
2018-05-20 23:57 - 2018-02-20 02:45 - 000000000 ____D C:\Users\Георгий
2018-05-20 22:56 - 2018-02-20 23:12 - 000000000 ____D C:\Users\Георгий\Doctor Web
2018-05-16 15:24 - 2017-12-17 02:31 - 000000000 ____D C:\Users\Георгий\AppData\Local\LogMeIn Hamachi
2018-05-12 23:56 - 2018-02-20 02:45 - 000000000 ____D C:\Users\Георгий\AppData\Local\Packages
2018-05-12 23:56 - 2017-09-29 16:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-12 23:56 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-12 23:52 - 2017-12-12 22:30 - 000000000 ____D C:\Users\Георгий\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spirit
2018-05-12 23:50 - 2017-06-29 22:17 - 000000000 ____D C:\Users\Все пользователи\Package Cache
2018-05-12 23:50 - 2017-06-29 22:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-12 23:49 - 2017-06-29 22:17 - 000000000 ____D C:\Program Files\Intel
2018-05-12 22:51 - 2017-11-11 01:41 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-12 22:46 - 2017-12-07 17:05 - 000000000 ____D C:\WINDOWS\AAct_Tools
2018-05-12 22:25 - 2017-09-29 16:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-12 22:14 - 2017-11-10 17:43 - 000000000 ____D C:\Users\Георгий\AppData\Roaming\uTorrent
2018-05-12 22:14 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-11 23:51 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-10 02:10 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\rescache
2018-05-10 01:43 - 2018-02-20 03:24 - 000000000 ___RD C:\Users\Георгий\3D Objects
2018-05-10 01:43 - 2018-02-20 02:42 - 000413192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-10 01:43 - 2017-05-25 18:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-09 15:32 - 2017-09-29 16:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-09 15:32 - 2017-09-29 16:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-09 15:32 - 2017-09-29 16:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-09 15:32 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-09 15:32 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-09 15:32 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-05-09 15:32 - 2017-09-29 11:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-09 15:32 - 2017-09-29 11:45 - 000000000 ____D C:\WINDOWS\servicing
2018-05-09 15:22 - 2017-09-29 16:42 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-05-09 15:22 - 2017-09-29 16:41 - 000073112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-05-09 15:22 - 2017-09-29 16:41 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-05-09 15:22 - 2017-09-29 16:41 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-05-09 15:09 - 2018-03-14 23:38 - 000004634 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-09 15:09 - 2018-02-20 02:49 - 000004646 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-05-09 15:09 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-09 15:09 - 2017-09-29 16:46 - 000000000 ____D C:\WINDOWS\system32\Macromed

==================== Files in the root of some directories =======

2018-02-20 22:55 - 2018-02-20 22:55 - 000000017 _____ () C:\Users\Георгий\AppData\Local\resmon.resmoncfg
2018-01-07 18:12 - 2018-01-07 18:12 - 000000003 _____ () C:\Users\Георгий\AppData\Local\updater.log
2018-01-07 18:12 - 2018-01-07 18:12 - 000000425 _____ () C:\Users\Георгий\AppData\Local\UserProducts.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-26 23:14

==================== End of FRST.txt ============================