Am i still infected? What should i do?

rebeccavalentine · Apr 9, 2017

I am using Windows 10 in my new laptop bought less than a month ago. I try to be careful when it comes to malware. I use a bunch of anti malware software & run scans once a week. Everything seemed ok until yesterday.

Yesterday, I had a college presentation & had to plug in my friend's pendrive which had lots of viruses. I did not want to, but had to click on the shortcut virus to open her files since i was standing in front of the whole class & i had to give the presentation. It also had an autorun virus along with others. I could not unplug the pendrive until i finished with my presentation.

Can someone please help me on what to do to get rid of all of them which may have infected my OS while I plugged the drive in my laptop?

I have tried scanning again & again, till all the scan results were almost clean. But still i fear some may be left out. what should i do?

I use zemana antimalware, emergency kit scanner from emsisoft, Kaspersky Virus Removal Tool & TDSS Killer from kaspersky, aswmbr from avast, malwarebytes antirootkit, adwcleaner & JRT from malwarebytes, superantispyware to run scans. I ran all of these again & again till all of them came up with clean results. I tried running all of these in safe mode as well, but got clean results again.

( I use avira free antivirus as my main antivirus. )

what should i do now? How can i find out if my laptop is clean or not? Someone please help me out on this. Would be highly thankful if someone could come up with a solution to ensure my laptop is clean.

( PS. when i run malwarebytes 3.0 free version, its scan only runs for 3 seconds & finishes showing me clean results. Ive checked & re-checked to include all the drives in the configure scan options but still the scan lasts only for 3 seconds. I tried posting about this in their forum, but got no replies.
When i ran avastMBR the scan result had a yellow item. Ive attached its log file below. I dont know what it indicates. )

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2017-04-09 18:20:42
-----------------------------
18:20:42.509 OS Version: Windows x64 6.2.9200
18:20:42.510 Number of processors: 8 586 0x5E03
18:20:42.511 ComputerName: REBECCA-VALENTI UserName:
18:20:43.373 Initialize success
18:20:43.403 VM: initialized successfully
18:20:43.404 VM: Intel CPU supported
18:20:45.018 VM: not used
18:25:22.456 AVAST engine defs: 17030301
18:56:27.326 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000003d
18:56:27.333 Disk 0 Vendor: HGST_HTS721010A9E630 JB0OA3J0 Size: 953869MB BusType: 11
18:56:27.338 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000003f
18:56:27.342 Disk 1 Vendor: SanDisk_SD8SNAT128G1002 Z2317002 Size: 122104MB BusType: 11
18:56:27.354 Disk 1 MBR read successfully
18:56:27.358 Disk 1 MBR scan
18:56:27.372 Disk 1 unknown MBR code
18:56:27.376 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
18:56:27.396 Disk 1 scanning C:\WINDOWS\system32\drivers
18:56:29.094 Service scanning
18:56:29.314 Service 73FA0A2F C:\WINDOWS\system32\drivers\73FA0A2F.sys **LOCKED**
18:56:39.245 Modules scanning
18:56:39.252 Disk 1 trace - called modules:
18:56:39.265 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys intelpep.sys iaStorA.sys hal.dll
18:56:39.272 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffd507acf86060]
18:56:39.276 3 CLASSPNP.SYS[fffff8059f705efb] -> nt!IofCallDriver -> [0xffffd507aa51fe40]
18:56:39.280 5 ACPI.sys[fffff8059e254571] -> nt!IofCallDriver -> [0xffffd507aa536e40]
18:56:39.286 7 ACPI.sys[fffff8059e254571] -> nt!IofCallDriver -> \Device\0000003f[0xffffd507aa53a060]
18:56:40.507 AVAST engine scan C:\
19:27:44.165 Disk 1 statistics 7802070/0/0 @ 2.83 MB/s
19:27:44.172 Scan finished successfully
19:34:36.254 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000003d
19:34:36.260 Disk 0 Vendor: HGST_HTS721010A9E630 JB0OA3J0 Size: 953869MB BusType: 11
19:34:36.267 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000003f
19:34:36.274 Disk 1 Vendor: SanDisk_SD8SNAT128G1002 Z2317002 Size: 122104MB BusType: 11
19:34:36.299 Disk 1 MBR read successfully
19:34:36.305 Disk 1 MBR scan
19:34:36.317 Disk 1 unknown MBR code
19:34:36.323 Disk 1 Partition 1 00 EE GPT 2097151 MB offset 1
19:34:36.354 Disk 1 scanning C:\WINDOWS\system32\drivers
19:34:47.285 Service scanning
19:35:01.184 Modules scanning
19:35:01.196 Disk 1 trace - called modules:
19:35:01.212 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys intelpep.sys iaStorA.sys hal.dll
19:35:01.220 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xffffd507acf86060]
19:35:01.225 3 CLASSPNP.SYS[fffff8059f705efb] -> nt!IofCallDriver -> [0xffffd507aa51fe40]
19:35:01.232 5 ACPI.sys[fffff8059e254571] -> nt!IofCallDriver -> [0xffffd507aa536e40]
19:35:01.242 7 ACPI.sys[fffff8059e254571] -> nt!IofCallDriver -> \Device\0000003f[0xffffd507aa53a060]
19:35:02.409 AVAST engine scan D:\
19:39:26.698 Disk 1 statistics 8239948/0/0 @ 2.76 MB/s
19:39:26.706 Scan finished successfully
19:48:13.593 Disk 1 MBR has been saved successfully to "C:\Users\Rebecca Valentine\Downloads\MBR.dat"
19:48:13.597 The log file has been saved successfully to "C:\Users\Rebecca Valentine\Downloads\aswMBR.txt"

rebeccavalentine · Apr 9, 2017

Here are the logs of FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Rebecca Valentine (administrator) on REBECCA-VALENTI (09-04-2017 20:23:14)
Running from C:\Users\Rebecca Valentine\Downloads
Loaded Profiles: Rebecca Valentine & (Available Profiles: Rebecca Valentine)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dashlane, Inc.) C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-11] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1831256 2016-01-08] (Conexant Systems, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-02-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [909744 2017-03-22] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\Run: [Dashlane] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-03-17] (Dashlane, Inc.)
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\Run: [DashlanePlugin] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-03-17] ()
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\MountPoints2: {afe88079-13d4-11e7-a743-b88a60a163c7} - "G:\Windows/AutoRun.exe" /autoinstall
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\MountPoints2: {f03f99c8-e9f6-11e6-a737-704d7b495897} - "F:\Setup.exe"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dashlane] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-03-17] (Dashlane, Inc.)
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DashlanePlugin] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-03-17] ()
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {afe88079-13d4-11e7-a743-b88a60a163c7} - "G:\Windows/AutoRun.exe" /autoinstall
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f03f99c8-e9f6-11e6-a737-704d7b495897} - "F:\Setup.exe"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\Run: [Dashlane] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-03-17] (Dashlane, Inc.)
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\Run: [DashlanePlugin] => C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-03-17] ()
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\MountPoints2: {afe88079-13d4-11e7-a743-b88a60a163c7} - "G:\Windows/AutoRun.exe" /autoinstall
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\MountPoints2: {f03f99c8-e9f6-11e6-a737-704d7b495897} - "F:\Setup.exe"
ShellIconOverlayIdentifiers: [! IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-07-24] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{4eafb5ea-6d1b-44af-8ac5-86c794997104}: [DhcpNameServer] 10.66.104.1
Tcpip\..\Interfaces\{5ace2ffb-a6b8-4388-a6d7-d6a943e8e16a}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{a3be0d6d-b561-4427-b769-5a54e5f3cb28}: [DhcpNameServer] 192.168.224.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2453292216-1992557863-264388339-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-07-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-03-17] (Dashlane, Inc.)

FireFox:
========
FF DefaultProfile: rebeccasweety4@gmail.com
FF ProfilePath: C:\Users\Rebecca Valentine\AppData\Roaming\Mozilla\Firefox\Profiles\gRJaQfMt.default [2017-03-10]
FF Extension: (Avira Browser Safety) - C:\Users\Rebecca Valentine\AppData\Roaming\Mozilla\Firefox\Profiles\gRJaQfMt.default\Extensions\abs@avira.com [2017-03-10]
FF HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Rebecca Valentine\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Rebecca Valentine\AppData\Roaming\IDM\idmmzcc5 [2017-04-09] [not signed]
FF HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Rebecca Valentine\AppData\Roaming\IDM\idmmzcc5
FF HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Rebecca Valentine\AppData\Roaming\IDM\idmmzcc5
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-18] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR NewTab: Profile 1 -> Active:"chrome-extension://ncdfeghkpohnalmpblddmnppfooljekh/core/newpage-pop.html"
CHR Profile: C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Profile: C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-09]
CHR Extension: (Queen Elsa of Arendelle - Frozen) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\andadcipdpeombhjneecehpogbbjomij [2017-01-18]
CHR Extension: (uBlock Origin) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-15]
CHR Extension: (Dashlane Secure Password Manager) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-03-02]
CHR Extension: (Avira Browser Safety) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-04-09]
CHR Extension: (History Eraser) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjieilkfnnjoihjjonajndjldjoagffm [2017-01-31]
CHR Extension: (Imagus) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-04-09]
CHR Extension: (Disconnect) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2017-01-18]
CHR Extension: (Extensity) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jjmflmamggggndanpgfnpelongoepncg [2017-02-14]
CHR Extension: (The Great Suspender) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-03-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-01-18]
CHR Extension: (Incredible StartPage - Productive Start Page) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ncdfeghkpohnalmpblddmnppfooljekh [2017-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Image Size Info) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oihdhfbfoagfkpcncinlbhfdgpegcigf [2017-03-14]
CHR Extension: (TunnelBear VPN) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2017-04-08]
CHR Extension: (Chrome Media Router) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-09]
CHR Profile: C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 4 [2017-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-14]
CHR Profile: C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-03]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1115552 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [487432 2017-03-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1519136 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S4 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [310152 2017-02-10] (Avira Operations GmbH & Co. KG)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe [301536 2016-11-30] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe [480224 2016-11-30] (Intel Corporation)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2015-07-13] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165616 2015-09-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe [341984 2016-11-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-22] (Intel Corporation)
S4 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2017-02-08] (Malwarebytes Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197776 2016-12-14] (Sandboxie Holdings, LLC)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-02-02] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14471408 2017-03-06] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsusSGDrv; C:\WINDOWS\system32\DRIVERS\AsusSGDrv.sys [138744 2015-12-19] (ASUS Corporation)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-02-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-02-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-02-15] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [48584 2017-02-15] (Avira Operations GmbH & Co. KG)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2015-07-13] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2015-07-13] (Intel Corporation)
R1 epp; C:\EEK\bin64\epp.sys [115216 2017-01-03] (Emsisoft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2015-07-13] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2017-02-08] ()
R1 FNETURPX; C:\WINDOWS\System32\drivers\FNETURPX.SYS [16648 2017-01-20] (FNet Co., Ltd.)
R1 FNETVDDA; C:\WINDOWS\System32\drivers\FNETVDDA.SYS [37128 2017-01-20] (FNet Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [121616 2015-09-24] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igdkmd64.sys [11039712 2016-11-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7231248 2016-06-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [205968 2016-12-14] (Sandboxie Holdings, LLC)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-20] (Zemana Ltd.)
U3 aswMBR; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswMBR.sys [62728 2017-03-19] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswVmm.sys [224896 2017-04-09] () <==== ATTENTION
U3 aswbdisk; no ImagePath
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]

rebeccavalentine · Apr 9, 2017

The log continued..

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-09 20:23 - 2017-04-09 20:23 - 00026261 _____ C:\Users\Rebecca Valentine\Downloads\FRST.txt
2017-04-09 20:22 - 2017-04-09 20:23 - 00000000 ____D C:\FRST
2017-04-09 20:14 - 2017-04-09 20:14 - 00001051 _____ C:\Users\Rebecca Valentine\Desktop\MB.txt
2017-04-09 20:11 - 2017-04-09 20:18 - 204130528 _____ C:\Users\Rebecca Valentine\Downloads\mwav.exe
2017-04-09 20:09 - 2017-04-09 20:09 - 00752296 _____ C:\Users\Rebecca Valentine\Downloads\Adware Removal Tool by TSA.exe
2017-04-09 20:07 - 2017-04-09 20:07 - 00892416 _____ (Farbar) C:\Users\Rebecca Valentine\Downloads\MiniToolBox.exe
2017-04-09 20:07 - 2017-04-09 20:07 - 00278831 _____ C:\Users\Rebecca Valentine\Downloads\wireless.exe
2017-04-09 20:05 - 2017-04-09 20:22 - 02424832 _____ (Farbar) C:\Users\Rebecca Valentine\Downloads\FRST64.exe
2017-04-09 20:04 - 2017-04-09 20:05 - 00899584 _____ C:\Users\Rebecca Valentine\Downloads\RGSA.exe
2017-04-09 19:48 - 2017-04-09 19:48 - 00003449 _____ C:\Users\Rebecca Valentine\Downloads\aswMBR.txt
2017-04-09 19:48 - 2017-04-09 19:48 - 00000512 _____ C:\Users\Rebecca Valentine\Downloads\MBR.dat
2017-04-09 18:20 - 2017-04-09 18:23 - 37892136 _____ (Malwarebytes ) C:\Users\Rebecca Valentine\Downloads\MBARW_Setup.exe
2017-04-09 18:06 - 2017-04-09 18:06 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\73FA0A2F.sys
2017-04-09 18:06 - 2017-04-09 18:06 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\63758498.sys
2017-04-09 17:45 - 2017-04-09 17:45 - 00000575 _____ C:\Users\Rebecca Valentine\Desktop\JRT.txt
2017-04-09 17:39 - 2017-04-09 17:42 - 01665490 _____ C:\TDSSKiller.3.1.0.12_09.04.2017_17.39.18_log.txt
2017-04-09 17:23 - 2017-04-09 17:38 - 00179938 _____ C:\TDSSKiller.3.1.0.12_09.04.2017_17.23.27_log.txt
2017-04-09 17:07 - 2017-04-09 17:16 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-09 17:01 - 2017-04-09 17:01 - 00007424 _____ C:\TDSSKiller.3.1.0.12_09.04.2017_17.01.43_log.txt
2017-04-08 18:05 - 2017-04-09 17:24 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-04-08 18:05 - 2017-04-09 17:23 - 00001443 _____ C:\Users\Rebecca Valentine\Desktop\tdsskiller.lnk
2017-04-08 18:02 - 2017-04-09 17:00 - 00095098 _____ C:\TDSSKiller.3.1.0.12_08.04.2017_18.02.57_log.txt
2017-04-08 12:04 - 2017-04-09 17:09 - 00001497 _____ C:\Users\Rebecca Valentine\Desktop\adwcleaner.lnk
2017-04-08 11:42 - 2017-04-08 13:19 - 00001385 _____ C:\Users\Rebecca Valentine\Desktop\KVRT.lnk
2017-04-06 00:58 - 2017-04-06 00:58 - 00002291 _____ C:\Users\Public\Desktop\HP Deskjet 2510 series.lnk
2017-04-06 00:58 - 2017-04-06 00:58 - 00000057 _____ C:\ProgramData\Ament.ini
2017-04-06 00:58 - 2017-04-06 00:58 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\LocalLow\Hewlett-Packard
2017-04-06 00:58 - 2017-04-06 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-04-06 00:58 - 2017-04-06 00:58 - 00000000 ____D C:\Program Files\HP
2017-04-06 00:58 - 2017-04-06 00:58 - 00000000 ____D C:\Program Files (x86)\HP
2017-04-06 00:58 - 2017-04-06 00:58 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-04-06 00:57 - 2017-04-06 00:59 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\HP
2017-04-05 10:41 - 2017-04-09 20:12 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\2017-04
2017-04-03 12:09 - 2017-04-09 17:01 - 00000000 ____D C:\Program Files (x86)\Mblaze_Home
2017-04-03 12:09 - 2017-04-03 12:09 - 00000000 ____D C:\WINDOWS\SupportAppPBMblaze_Home
2017-04-03 12:09 - 2017-04-03 12:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mblaze_Home
2017-04-03 12:09 - 2017-04-03 12:09 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-03-30 20:19 - 2017-04-01 02:20 - 00000350 _____ C:\Users\Rebecca Valentine\Downloads\Shortcuts on Chrome.txt
2017-03-28 01:23 - 2017-03-28 01:23 - 00001537 _____ C:\Users\Rebecca Valentine\Desktop\TheSage.lnk
2017-03-26 20:15 - 2017-03-31 21:22 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\2017-03
2017-03-19 13:28 - 2017-03-19 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-03-19 02:03 - 2017-03-19 02:03 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\Avira
2017-03-19 01:58 - 2017-03-19 01:58 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-03-19 01:57 - 2017-02-15 16:55 - 00163976 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-03-19 01:57 - 2017-02-15 16:55 - 00161824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-03-19 01:57 - 2017-02-15 16:55 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-03-19 01:57 - 2017-02-15 16:55 - 00048584 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-03-19 01:57 - 2017-02-15 16:55 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-03-17 22:37 - 2017-03-22 02:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-17 22:37 - 2017-03-19 01:57 - 00000000 ____D C:\ProgramData\Avira
2017-03-17 22:37 - 2017-03-19 01:57 - 00000000 ____D C:\Program Files (x86)\Avira
2017-03-15 20:09 - 2017-03-04 13:27 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-03-15 20:09 - 2017-03-04 13:27 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-03-15 20:09 - 2017-03-04 13:10 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-03-15 20:09 - 2017-03-04 12:56 - 00794416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-03-15 20:09 - 2017-03-04 12:54 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-03-15 20:09 - 2017-03-04 12:54 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-15 20:09 - 2017-03-04 12:54 - 00090976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-03-15 20:09 - 2017-03-04 12:53 - 02512304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2017-03-15 20:09 - 2017-03-04 12:52 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-03-15 20:09 - 2017-03-04 12:49 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-03-15 20:09 - 2017-03-04 12:48 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-03-15 20:09 - 2017-03-04 12:45 - 01000280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-03-15 20:09 - 2017-03-04 12:39 - 07220696 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-03-15 20:09 - 2017-03-04 12:39 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-03-15 20:09 - 2017-03-04 12:39 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-03-15 20:09 - 2017-03-04 12:39 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-03-15 20:09 - 2017-03-04 12:39 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-03-15 20:09 - 2017-03-04 12:39 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-03-15 20:09 - 2017-03-04 12:39 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2017-03-15 20:09 - 2017-03-04 12:39 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-15 20:09 - 2017-03-04 12:38 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-03-15 20:09 - 2017-03-04 12:37 - 00557400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-03-15 20:09 - 2017-03-04 12:36 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-03-15 20:09 - 2017-03-04 12:34 - 08169536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-03-15 20:09 - 2017-03-04 12:34 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-03-15 20:09 - 2017-03-04 12:34 - 01362512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-03-15 20:09 - 2017-03-04 12:34 - 01063472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 01989072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 01723560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-03-15 20:09 - 2017-03-04 12:33 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 01454512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 01301112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-03-15 20:09 - 2017-03-04 12:33 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-03-15 20:09 - 2017-03-04 12:32 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2017-03-15 20:09 - 2017-03-04 12:31 - 00137936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2017-03-15 20:09 - 2017-03-04 12:27 - 02536288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-03-15 20:09 - 2017-03-04 12:27 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-03-15 20:09 - 2017-03-04 12:26 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-03-15 20:09 - 2017-03-04 12:26 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-03-15 20:09 - 2017-03-04 12:24 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-15 20:09 - 2017-03-04 12:24 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-15 20:09 - 2017-03-04 12:23 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-03-15 20:09 - 2017-03-04 12:23 - 02256080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-03-15 20:09 - 2017-03-04 12:23 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-03-15 20:09 - 2017-03-04 12:23 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-03-15 20:09 - 2017-03-04 12:23 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-03-15 20:09 - 2017-03-04 12:23 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-03-15 20:09 - 2017-03-04 12:23 - 00493912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-15 20:09 - 2017-03-04 12:23 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-03-15 20:09 - 2017-03-04 12:23 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-03-15 20:09 - 2017-03-04 12:22 - 00549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-03-15 20:09 - 2017-03-04 12:22 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-03-15 20:09 - 2017-03-04 12:21 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-03-15 20:09 - 2017-03-04 12:21 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-03-15 20:09 - 2017-03-04 12:20 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 06667528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 04023000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 01853224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 01202384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00981376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-03-15 20:09 - 2017-03-04 12:17 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-03-15 20:09 - 2017-03-04 12:16 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-03-15 20:09 - 2017-03-04 12:16 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-03-15 20:09 - 2017-03-04 12:15 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-03-15 20:09 - 2017-03-04 12:15 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2017-03-15 20:09 - 2017-03-04 12:12 - 01415240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-03-15 20:09 - 2017-03-04 12:12 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-03-15 20:09 - 2017-03-04 12:12 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-03-15 20:09 - 2017-03-04 12:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-03-15 20:09 - 2017-03-04 12:10 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-03-15 20:09 - 2017-03-04 12:09 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-03-15 20:09 - 2017-03-04 12:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-03-15 20:09 - 2017-03-04 12:06 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2017-03-15 20:09 - 2017-03-04 12:04 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-03-15 20:09 - 2017-03-04 12:04 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-03-15 20:09 - 2017-03-04 12:04 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-03-15 20:09 - 2017-03-04 12:04 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-03-15 20:09 - 2017-03-04 12:04 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-03-15 20:09 - 2017-03-04 12:03 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll
2017-03-15 20:09 - 2017-03-04 12:02 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-03-15 20:09 - 2017-03-04 12:01 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-03-15 20:09 - 2017-03-04 12:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-03-15 20:09 - 2017-03-04 12:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-03-15 20:09 - 2017-03-04 12:00 - 00535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-03-15 20:09 - 2017-03-04 12:00 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2017-03-15 20:09 - 2017-03-04 12:00 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-03-15 20:09 - 2017-03-04 12:00 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-03-15 20:09 - 2017-03-04 12:00 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-03-15 20:09 - 2017-03-04 12:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-03-15 20:09 - 2017-03-04 11:59 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-03-15 20:09 - 2017-03-04 11:59 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2017-03-15 20:09 - 2017-03-04 11:59 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-03-15 20:09 - 2017-03-04 11:59 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2017-03-15 20:09 - 2017-03-04 11:59 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfp.dll
2017-03-15 20:09 - 2017-03-04 11:59 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInputUap.dll
2017-03-15 20:09 - 2017-03-04 11:59 - 00019968 _____ C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll
2017-03-15 20:09 - 2017-03-04 11:58 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-03-15 20:09 - 2017-03-04 11:58 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-03-15 20:09 - 2017-03-04 11:58 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2017-03-15 20:09 - 2017-03-04 11:58 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-03-15 20:09 - 2017-03-04 11:57 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-03-15 20:09 - 2017-03-04 11:57 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2017-03-15 20:09 - 2017-03-04 11:57 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddrawex.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-03-15 20:09 - 2017-03-04 11:56 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2017-03-15 20:09 - 2017-03-04 11:55 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-03-15 20:09 - 2017-03-04 11:55 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscandui.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCCSEngineShared.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
2017-03-15 20:09 - 2017-03-04 11:55 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfui.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-15 20:09 - 2017-03-04 11:54 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2017-03-15 20:09 - 2017-03-04 11:53 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-03-15 20:09 - 2017-03-04 11:53 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-03-15 20:09 - 2017-03-04 11:53 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-03-15 20:09 - 2017-03-04 11:53 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 01299968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2017-03-15 20:09 - 2017-03-04 11:52 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-03-15 20:09 - 2017-03-04 11:52 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 06285824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 01937920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2017-03-15 20:09 - 2017-03-04 11:51 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\main.cpl
2017-03-15 20:09 - 2017-03-04 11:51 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi32.dll
2017-03-15 20:09 - 2017-03-04 11:51 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-03-15 20:09 - 2017-03-04 11:50 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00714752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-03-15 20:09 - 2017-03-04 11:49 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-03-15 20:09 - 2017-03-04 11:49 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2017-03-15 20:09 - 2017-03-04 11:49 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-03-15 20:09 - 2017-03-04 11:48 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-03-15 20:09 - 2017-03-04 11:47 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-03-15 20:09 - 2017-03-04 11:47 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-03-15 20:09 - 2017-03-04 11:47 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-03-15 20:09 - 2017-03-04 11:47 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-03-15 20:09 - 2017-03-04 11:47 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2017-03-15 20:09 - 2017-03-04 11:46 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-03-15 20:09 - 2017-03-04 11:46 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-03-15 20:09 - 2017-03-04 11:45 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2017-03-15 20:09 - 2017-03-04 11:45 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-03-15 20:09 - 2017-03-04 11:45 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-15 20:09 - 2017-03-04 11:45 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-03-15 20:09 - 2017-03-04 11:45 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-03-15 20:09 - 2017-03-04 11:44 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-03-15 20:09 - 2017-03-04 11:44 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-03-15 20:09 - 2017-03-04 11:43 - 04613120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-03-15 20:09 - 2017-03-04 11:43 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-03-15 20:09 - 2017-03-04 11:42 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-03-15 20:09 - 2017-03-04 11:42 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-03-15 20:09 - 2017-03-04 11:42 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-03-15 20:09 - 2017-03-04 11:42 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-03-15 20:09 - 2017-03-04 11:42 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-15 20:09 - 2017-03-04 11:42 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2017-03-15 20:09 - 2017-03-04 11:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-03-15 20:09 - 2017-03-04 11:42 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-03-15 20:09 - 2017-03-04 11:41 - 03441664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-03-15 20:09 - 2017-03-04 11:41 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-03-15 20:09 - 2017-03-04 11:41 - 01357312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2017-03-15 20:09 - 2017-03-04 11:41 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-03-15 20:09 - 2017-03-04 11:41 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2017-03-15 20:09 - 2017-03-04 11:41 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-03-15 20:09 - 2017-03-04 11:41 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2017-03-15 20:09 - 2017-03-04 11:40 - 01536000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 01399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-03-15 20:09 - 2017-03-04 11:40 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2017-03-15 20:09 - 2017-03-04 11:40 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-03-15 20:09 - 2017-03-04 11:39 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-03-15 20:09 - 2017-03-04 11:38 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-03-15 20:09 - 2017-03-04 11:38 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-03-15 20:09 - 2017-03-04 11:37 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-03-15 20:09 - 2017-03-04 11:37 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-03-15 20:09 - 2017-03-04 11:36 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-03-15 20:09 - 2017-03-04 11:35 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-03-15 20:09 - 2017-03-04 11:35 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2017-03-15 20:09 - 2017-03-04 11:34 - 01826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-15 20:09 - 2017-03-04 11:34 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-03-15 20:09 - 2017-03-04 11:34 - 00753152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2017-03-15 20:09 - 2017-03-04 11:34 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2017-03-15 20:09 - 2017-03-04 11:34 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-03-15 20:09 - 2017-03-04 11:34 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-03-15 20:09 - 2017-03-04 11:34 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-03-15 20:09 - 2017-03-04 11:33 - 02363904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-03-15 20:09 - 2017-03-04 11:33 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-03-15 20:09 - 2017-03-04 11:33 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-03-15 20:09 - 2017-03-04 11:33 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2017-03-15 20:09 - 2017-03-04 11:33 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-03-15 20:09 - 2017-03-04 11:33 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-03-15 20:09 - 2017-03-04 11:32 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01571840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2017-03-15 20:09 - 2017-03-04 11:31 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01154560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Pimstore.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-03-15 20:09 - 2017-03-04 11:31 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2017-03-15 20:09 - 2017-03-04 11:31 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 02996736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-03-15 20:09 - 2017-03-04 11:30 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 02003968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-03-15 20:09 - 2017-03-04 11:30 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-03-15 20:09 - 2017-03-04 11:29 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-03-15 20:09 - 2017-03-04 11:29 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-03-15 20:09 - 2017-03-04 11:27 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-03-15 20:09 - 2017-03-04 11:27 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-03-15 20:09 - 2017-03-04 11:27 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-03-15 20:09 - 2017-03-04 11:27 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-03-15 20:09 - 2017-03-04 11:06 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-03-15 20:09 - 2017-02-22 07:47 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-03-15 20:08 - 2017-03-04 13:27 - 00192352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00655200 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00315232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-03-15 20:08 - 2017-03-04 13:05 - 00086368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-15 20:08 - 2017-03-04 13:05 - 00038240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-03-15 20:08 - 2017-03-04 12:57 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-03-15 20:08 - 2017-03-04 12:55 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-03-15 20:08 - 2017-03-04 12:54 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-15 20:08 - 2017-03-04 12:54 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-15 20:08 - 2017-03-04 12:54 - 00646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-15 20:08 - 2017-03-04 12:54 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2017-03-15 20:08 - 2017-03-04 12:54 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-03-15 20:08 - 2017-03-04 12:52 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-03-15 20:08 - 2017-03-04 12:52 - 01354312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-15 20:08 - 2017-03-04 12:52 - 01172984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-15 20:08 - 2017-03-04 12:51 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-03-15 20:08 - 2017-03-04 12:50 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-03-15 20:08 - 2017-03-04 12:50 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-15 20:08 - 2017-03-04 12:49 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-15 20:08 - 2017-03-04 12:48 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-03-15 20:08 - 2017-03-04 12:48 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-03-15 20:08 - 2017-03-04 12:48 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-03-15 20:08 - 2017-03-04 12:47 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-03-15 20:08 - 2017-03-04 12:45 - 00404320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-03-15 20:08 - 2017-03-04 12:45 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-03-15 20:08 - 2017-03-04 12:43 - 00635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-03-15 20:08 - 2017-03-04 12:41 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-03-15 20:08 - 2017-03-04 12:41 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-15 20:08 - 2017-03-04 12:40 - 02828384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-15 20:08 - 2017-03-04 12:40 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-03-15 20:08 - 2017-03-04 12:40 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-03-15 20:08 - 2017-03-04 12:39 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-03-15 20:08 - 2017-03-04 12:39 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-03-15 20:08 - 2017-03-04 12:39 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-03-15 20:08 - 2017-03-04 12:39 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-15 20:08 - 2017-03-04 12:39 - 00635864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-15 20:08 - 2017-03-04 12:39 - 00578392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-15 20:08 - 2017-03-04 12:39 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-03-15 20:08 - 2017-03-04 12:39 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-03-15 20:08 - 2017-03-04 12:39 - 00178520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-03-15 20:08 - 2017-03-04 12:38 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-03-15 20:08 - 2017-03-04 12:38 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-03-15 20:08 - 2017-03-04 12:38 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-15 20:08 - 2017-03-04 12:38 - 00342456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-03-15 20:08 - 2017-03-04 12:38 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-15 20:08 - 2017-03-04 12:37 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-03-15 20:08 - 2017-03-04 12:37 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-03-15 20:08 - 2017-03-04 12:37 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-03-15 20:08 - 2017-03-04 12:37 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-03-15 20:08 - 2017-03-04 12:37 - 00989016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-03-15 20:08 - 2017-03-04 12:37 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-03-15 20:08 - 2017-03-04 12:37 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-03-15 20:08 - 2017-03-04 12:37 - 00682808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-03-15 20:08 - 2017-03-04 12:37 - 00432992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-15 20:08 - 2017-03-04 12:37 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2017-03-15 20:08 - 2017-03-04 12:37 - 00110944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-03-15 20:08 - 2017-03-04 12:37 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-03-15 20:08 - 2017-03-04 12:33 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-03-15 20:08 - 2017-03-04 12:33 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 00755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-03-15 20:08 - 2017-03-04 12:33 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-03-15 20:08 - 2017-03-04 12:31 - 00201568 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-03-15 20:08 - 2017-03-04 12:31 - 00128648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-03-15 20:08 - 2017-03-04 12:29 - 01570208 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-03-15 20:08 - 2017-03-04 12:28 - 01416224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-15 20:08 - 2017-03-04 12:28 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-03-15 20:08 - 2017-03-04 12:28 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-03-15 20:08 - 2017-03-04 12:27 - 00372432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-03-15 20:08 - 2017-03-04 12:12 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-03-15 20:08 - 2017-03-04 12:07 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-03-15 20:08 - 2017-03-04 12:07 - 00025088 _____ C:\WINDOWS\system32\GamePanelExternalHook.dll
2017-03-15 20:08 - 2017-03-04 12:06 - 22565376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-03-15 20:08 - 2017-03-04 12:06 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-03-15 20:08 - 2017-03-04 12:06 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-03-15 20:08 - 2017-03-04 12:06 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2017-03-15 20:08 - 2017-03-04 12:06 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-03-15 20:08 - 2017-03-04 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-03-15 20:08 - 2017-03-04 12:06 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-03-15 20:08 - 2017-03-04 12:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-03-15 20:08 - 2017-03-04 12:05 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-03-15 20:08 - 2017-03-04 12:05 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-03-15 20:08 - 2017-03-04 12:05 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2017-03-15 20:08 - 2017-03-04 12:05 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-03-15 20:08 - 2017-03-04 12:04 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-03-15 20:08 - 2017-03-04 12:04 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2017-03-15 20:08 - 2017-03-04 12:04 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-03-15 20:08 - 2017-03-04 12:04 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-03-15 20:08 - 2017-03-04 12:03 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-03-15 20:08 - 2017-03-04 12:03 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-03-15 20:08 - 2017-03-04 12:03 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-03-15 20:08 - 2017-03-04 12:03 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-03-15 20:08 - 2017-03-04 12:03 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2017-03-15 20:08 - 2017-03-04 12:03 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothDesktopHandlers.dll
2017-03-15 20:08 - 2017-03-04 12:03 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2017-03-15 20:08 - 2017-03-04 12:03 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2017-03-15 20:08 - 2017-03-04 12:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2017-03-15 20:08 - 2017-03-04 12:02 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-03-15 20:08 - 2017-03-04 12:02 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-03-15 20:08 - 2017-03-04 12:02 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-03-15 20:08 - 2017-03-04 12:02 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-03-15 20:08 - 2017-03-04 12:02 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSEngineShared.dll
2017-03-15 20:08 - 2017-03-04 12:02 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-03-15 20:08 - 2017-03-04 12:02 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-03-15 20:08 - 2017-03-04 12:02 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-03-15 20:08 - 2017-03-04 12:00 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-03-15 20:08 - 2017-03-04 12:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2017-03-15 20:08 - 2017-03-04 11:59 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-03-15 20:08 - 2017-03-04 11:59 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-03-15 20:08 - 2017-03-04 11:58 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-03-15 20:08 - 2017-03-04 11:58 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-03-15 20:08 - 2017-03-04 11:57 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00643072 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2017-03-15 20:08 - 2017-03-04 11:56 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-03-15 20:08 - 2017-03-04 11:56 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-03-15 20:08 - 2017-03-04 11:55 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-03-15 20:08 - 2017-03-04 11:55 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-03-15 20:08 - 2017-03-04 11:55 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-03-15 20:08 - 2017-03-04 11:55 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-03-15 20:08 - 2017-03-04 11:55 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-03-15 20:08 - 2017-03-04 11:55 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-15 20:08 - 2017-03-04 11:55 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 01092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-03-15 20:08 - 2017-03-04 11:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 00820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2017-03-15 20:08 - 2017-03-04 11:53 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-03-15 20:08 - 2017-03-04 11:53 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-03-15 20:08 - 2017-03-04 11:53 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-03-15 20:08 - 2017-03-04 11:52 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-03-15 20:08 - 2017-03-04 11:52 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-03-15 20:08 - 2017-03-04 11:52 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-03-15 20:08 - 2017-03-04 11:51 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-03-15 20:08 - 2017-03-04 11:51 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-03-15 20:08 - 2017-03-04 11:51 - 00776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2017-03-15 20:08 - 2017-03-04 11:51 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-15 20:08 - 2017-03-04 11:51 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 01280512 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-03-15 20:08 - 2017-03-04 11:50 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 23676416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 01639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Tabbtn.dll
2017-03-15 20:08 - 2017-03-04 11:49 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabcal.exe
2017-03-15 20:08 - 2017-03-04 11:48 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-03-15 20:08 - 2017-03-04 11:48 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2017-03-15 20:08 - 2017-03-04 11:48 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-03-15 20:08 - 2017-03-04 11:48 - 01189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2017-03-15 20:08 - 2017-03-04 11:48 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2017-03-15 20:08 - 2017-03-04 11:48 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-03-15 20:08 - 2017-03-04 11:48 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2017-03-15 20:08 - 2017-03-04 11:47 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-03-15 20:08 - 2017-03-04 11:47 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-03-15 20:08 - 2017-03-04 11:47 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-03-15 20:08 - 2017-03-04 11:47 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-03-15 20:08 - 2017-03-04 11:47 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-03-15 20:08 - 2017-03-04 11:47 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-03-15 20:08 - 2017-03-04 11:46 - 03289088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-03-15 20:08 - 2017-03-04 11:46 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-03-15 20:08 - 2017-03-04 11:46 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-03-15 20:08 - 2017-03-04 11:46 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-03-15 20:08 - 2017-03-04 11:46 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-03-15 20:08 - 2017-03-04 11:46 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-03-15 20:08 - 2017-03-04 11:45 - 18362368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-03-15 20:08 - 2017-03-04 11:45 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-03-15 20:08 - 2017-03-04 11:45 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-03-15 20:08 - 2017-03-04 11:45 - 01837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-03-15 20:08 - 2017-03-04 11:45 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-03-15 20:08 - 2017-03-04 11:44 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-03-15 20:08 - 2017-03-04 11:44 - 01562112 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-03-15 20:08 - 2017-03-04 11:44 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-03-15 20:08 - 2017-03-04 11:44 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-03-15 20:08 - 2017-03-04 11:44 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-03-15 20:08 - 2017-03-04 11:44 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-03-15 20:08 - 2017-03-04 11:44 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-03-15 20:08 - 2017-03-04 11:44 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-03-15 20:08 - 2017-03-04 11:43 - 19411968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00937472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2017-03-15 20:08 - 2017-03-04 11:43 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MultiDigiMon.exe
2017-03-15 20:08 - 2017-03-04 11:42 - 13085184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-15 20:08 - 2017-03-04 11:42 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-03-15 20:08 - 2017-03-04 11:42 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-03-15 20:08 - 2017-03-04 11:42 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-03-15 20:08 - 2017-03-04 11:42 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-03-15 20:08 - 2017-03-04 11:42 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-03-15 20:08 - 2017-03-04 11:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2017-03-15 20:08 - 2017-03-04 11:41 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-03-15 20:08 - 2017-03-04 11:41 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2017-03-15 20:08 - 2017-03-04 11:41 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-03-15 20:08 - 2017-03-04 11:40 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-15 20:08 - 2017-03-04 11:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-03-15 20:08 - 2017-03-04 11:40 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-03-15 20:08 - 2017-03-04 11:40 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-03-15 20:08 - 2017-03-04 11:39 - 08125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-03-15 20:08 - 2017-03-04 11:39 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-03-15 20:08 - 2017-03-04 11:39 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 01780224 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 12178944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-03-15 20:08 - 2017-03-04 11:37 - 01512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-15 20:08 - 2017-03-04 11:37 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 04060672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 03614720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-03-15 20:08 - 2017-03-04 11:36 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02475008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-03-15 20:08 - 2017-03-04 11:36 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-03-15 20:08 - 2017-03-04 11:34 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-03-15 20:08 - 2017-03-04 11:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-03-15 20:08 - 2017-03-04 11:33 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-03-15 20:08 - 2017-03-04 11:33 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-15 20:08 - 2017-03-04 11:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-03-15 20:08 - 2017-03-04 11:32 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-03-15 20:08 - 2017-03-04 11:31 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-03-15 20:08 - 2017-03-04 11:30 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-03-15 20:08 - 2016-07-16 07:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CspCellularSettings.dll
2017-03-15 20:08 - 2016-07-16 07:58 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-03-15 20:08 - 2016-07-16 07:56 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-03-15 20:07 - 2016-05-30 00:08 - 08886976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSetup.exe
2017-03-15 19:37 - 2017-04-09 20:23 - 00258139 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-15 19:37 - 2017-04-09 20:23 - 00204148 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-10 01:49 - 2017-03-10 01:49 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\Mozilla
2017-03-10 00:50 - 2017-03-10 00:50 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\ShareX
2017-03-10 00:38 - 2017-04-09 20:12 - 00000000 ____D C:\Users\Rebecca Valentine\Documents\ShareX
2017-03-10 00:38 - 2017-03-10 00:38 - 00000827 _____ C:\Users\Rebecca Valentine\Desktop\ShareX.lnk
2017-03-10 00:38 - 2017-03-10 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-03-10 00:38 - 2017-03-10 00:38 - 00000000 ____D C:\Program Files\ShareX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-09 20:12 - 2017-01-20 00:54 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-09 20:12 - 2017-01-19 23:03 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\DMCache
2017-04-09 19:50 - 2017-01-19 16:32 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E03940D7-79D2-4449-B37A-06B431BA1570}
2017-04-09 19:00 - 2017-01-18 16:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-09 18:36 - 2017-01-18 20:08 - 00000000 ____D C:\AdwCleaner
2017-04-09 18:35 - 2017-01-20 01:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-09 18:34 - 2017-01-18 19:58 - 00000000 ____D C:\Users\Rebecca Valentine\Desktop\mbar
2017-04-09 18:23 - 2017-01-20 00:23 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-09 18:02 - 2017-01-20 21:46 - 00000000 ____D C:\EEK
2017-04-09 17:39 - 2017-01-18 10:01 - 00000000 __SHD C:\Users\Rebecca Valentine\IntelGraphicsProfiles
2017-04-09 17:38 - 2017-01-18 16:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-09 17:38 - 2016-07-16 11:34 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-04-09 17:19 - 2017-02-14 12:03 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\ElevatedDiagnostics
2017-04-09 17:09 - 2017-01-18 20:14 - 00001370 _____ C:\Users\Rebecca Valentine\Desktop\JRT.lnk
2017-04-09 17:02 - 2017-02-24 12:40 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-04-09 17:02 - 2017-01-18 21:33 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane
2017-04-09 17:00 - 2017-01-23 13:00 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\Other Pics
2017-04-09 17:00 - 2017-01-18 18:04 - 00048568 _____ C:\Users\Rebecca Valentine\Downloads\text.txt
2017-04-09 14:29 - 2017-01-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-04-09 12:31 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-08 20:54 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\INF
2017-04-08 18:05 - 2017-01-18 19:18 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\Programs & Setup Files
2017-04-08 11:04 - 2016-03-31 09:01 - 02455578 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-08 09:59 - 2016-12-28 23:59 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\My Project
2017-04-08 09:30 - 2017-03-06 12:53 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\Arduino15
2017-04-08 07:12 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-06 00:58 - 2017-03-01 18:05 - 00000000 ____D C:\ProgramData\HP
2017-04-05 23:56 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-04 23:57 - 2016-08-05 18:42 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\IT
2017-04-04 23:57 - 2016-04-24 05:32 - 00000000 ____D C:\Users\Rebecca Valentine\Downloads\My Stuff
2017-04-02 20:11 - 2017-01-19 20:32 - 00000000 ____D C:\Users\Rebecca Valentine\AppData\Local\JDownloader 2.0
2017-04-01 21:55 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-22 16:32 - 2017-01-18 16:37 - 00000000 ____D C:\Users\Rebecca Valentine
2017-03-20 19:21 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\rescache
2017-03-19 15:10 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-19 13:39 - 2017-02-20 15:07 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-19 13:39 - 2016-10-26 10:04 - 01472450 ____N C:\WINDOWS\Minidump\031917-6953-01.dmp
2017-03-19 13:28 - 2017-01-20 02:44 - 00001147 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-03-19 13:28 - 2017-01-20 02:44 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-03-19 01:21 - 2016-07-16 17:17 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-19 01:21 - 2016-07-16 11:34 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-19 01:20 - 2015-10-30 11:58 - 00000000 ____D C:\Users\Default.migrated
2017-03-19 01:15 - 2016-10-26 10:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-19 01:14 - 2017-01-18 16:35 - 00443448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-19 01:12 - 2016-07-16 17:17 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-17 22:37 - 2016-03-31 09:19 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-15 20:54 - 2017-01-18 14:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-15 20:53 - 2017-01-18 14:50 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-12 11:30 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-10 10:47 - 2016-07-16 17:19 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-10 10:47 - 2016-07-16 17:19 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-10 02:22 - 2017-02-09 21:47 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-03-10 02:09 - 2017-01-19 23:48 - 00000000 ____D C:\Program Files (x86)\WMPKeys

==================== Files in the root of some directories =======

2017-02-19 20:40 - 2017-02-20 01:05 - 0000117 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Camdata.ini
2017-02-19 20:40 - 2017-02-20 01:05 - 0000408 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\CamLayout.ini
2017-02-19 20:40 - 2017-02-20 01:05 - 0000408 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\CamShapes.ini
2017-02-19 20:40 - 2017-02-20 01:05 - 0004537 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\CamStudio.cfg
2017-02-19 20:33 - 2017-02-20 01:02 - 0000096 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\version2.xml
2017-01-23 14:11 - 2017-01-23 14:11 - 0000017 _____ () C:\Users\Rebecca Valentine\AppData\Local\resmon.resmoncfg
2017-04-06 00:58 - 2017-04-06 00:58 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 17:53

==================== End of FRST.txt ============================

rebeccavalentine · Apr 9, 2017

Addition of FRST log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Rebecca Valentine (09-04-2017 20:23:46)
Running from C:\Users\Rebecca Valentine\Downloads
Windows 10 Home Single Language Version 1607 (X64) (2017-01-18 11:13:28)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2453292216-1992557863-264388339-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2453292216-1992557863-264388339-503 - Limited - Disabled)
Guest (S-1-5-21-2453292216-1992557863-264388339-501 - Limited - Disabled)
Rebecca Valentine (S-1-5-21-2453292216-1992557863-264388339-1001 - Administrator - Enabled) => C:\Users\Rebecca Valentine

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.85 - ICEpower a/s)
AutoHotkey 1.1.24.04 (HKLM\...\AutoHotkey) (Version: 1.1.24.04 - Lexikos)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.6.1.20906 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.30.60 - Conexant)
Dashlane (HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\Dashlane) (Version: 4.6.8.26847 - Dashlane, Inc.)
Dashlane (HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dashlane) (Version: 4.6.8.26847 - Dashlane, Inc.)
Dashlane (HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\Dashlane) (Version: 4.6.8.26847 - Dashlane, Inc.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
FormatFactory 4.0.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.0.0.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10600.150 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{AA1CAAC2-2A6A-4771-B813-8B73C74AE477}) (Version: 18.1.1539.2349 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LibreOffice 5.2.4.2 (HKLM-x32\...\{70E9A143-18EB-4FAB-B020-E3854B12202C}) (Version: 5.2.4.2 - The Document Foundation)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.9.1.1334 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1334 - Malwarebytes)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.54 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10143.21278 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Sandboxie 5.16 (64-bit) (HKLM\...\Sandboxie) (Version: 5.16 - Sandboxie Holdings, LLC)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.6.0 - ShareX Team)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinX HD Video Converter Deluxe 5.9.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.176 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2453292216-1992557863-264388339-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Rebecca Valentine\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\amd64\FileSyncShell64.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2453292216-1992557863-264388339-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Rebecca Valentine\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\amd64\FileSyncShell64.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2453292216-1992557863-264388339-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Rebecca Valentine\AppData\Local\Microsoft\OneDrive\17.3.6720.1207_1\amd64\FileSyncShell64.d (the data entry has 13 more characters).

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04148B06-7F74-466F-AB97-BD6A3704ED4E} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-11] (ASUSTek Computer Inc.)
Task: {26847FF2-925F-43B9-9154-C137E18E097E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)
Task: {4B1E9D6B-B811-4DA5-A07C-E729D7E4ADA2} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {5890DE90-6C86-4701-B89E-5A586EF730EA} - System32\Tasks\SafeZone scheduled Autoupdate 1484743893 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {7A95F90F-7F97-435C-872B-2E02424D15B7} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {7FF88CB0-F08F-44E4-BC8C-2245A4F968F5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {895D1674-D51B-4FAB-8B4E-910A89F5CE57} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2016-01-20] (ASUSTek Computer Inc.)
Task: {A07DE7E7-B65F-42A5-B6F7-9B255D14B3D7} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {D0F9F6D0-1F1B-4555-B0BF-CE9504CE51A3} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {D6E39F92-1A12-47DA-9784-4D7AFBE2F5DD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {F7406635-35FC-4988-995D-41EBE134C76A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-11] (ASUSTek Computer Inc.)
Task: {F9535623-DA4E-4649-989F-0CBAC10C9AE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 20:08 - 2017-03-04 12:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-15 20:08 - 2017-03-04 12:49 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-18 17:21 - 2016-09-07 10:26 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 20:08 - 2017-03-04 12:01 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 20:08 - 2017-03-04 12:00 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-03-15 20:08 - 2017-03-04 11:42 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 20:08 - 2017-03-04 11:35 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 20:08 - 2017-03-04 11:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-06 14:23 - 2017-03-29 14:17 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-06 14:23 - 2017-03-29 14:17 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
2017-01-18 21:34 - 2017-03-17 21:18 - 00544208 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\DashlanePlugin.exe
2017-01-19 20:38 - 2016-12-17 12:34 - 01209344 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2017-03-31 12:36 - 2017-03-31 12:37 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-31 12:36 - 2017-03-31 12:37 - 22723584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 00448512 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 05427200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-01-18 15:43 - 2017-01-18 15:44 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 00435712 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-01-18 15:43 - 2017-01-18 15:44 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 00024064 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginProxy.dll
2017-03-31 12:36 - 2017-03-31 12:37 - 00547840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.dll
2015-07-22 12:48 - 2015-07-22 12:48 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00338896 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00441808 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00464848 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 62708176 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00285648 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 06183888 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 07271888 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 13684176 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 02215888 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.8.26847.dll
2017-03-25 00:24 - 2017-03-17 21:18 - 00334288 _____ () C:\Users\Rebecca Valentine\AppData\Roaming\Dashlane\4.6.8.26847\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.8.26847.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15472250.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43893416.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\15472250.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\43893416.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 12:54 - 2017-04-09 17:38 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337311\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337345\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca Valentine\Downloads\Wallpapers\HD Wallpapers\a_night_for_two-wallpaper-2880x1620.jpg
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca Valentine\Downloads\Wallpapers\HD Wallpapers\a_night_for_two-wallpaper-2880x1620.jpg
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca Valentine\Downloads\Wallpapers\HD Wallpapers\a_night_for_two-wallpaper-2880x1620.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: wpscloudsvr => 3
MSCONFIG\Services: ZAMSvc => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001\...\StartupApproved\Run: => "Application Restart #0"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Application Restart #0"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2453292216-1992557863-264388339-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04092017201337375\...\StartupApproved\Run: => "Application Restart #0"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8ECB77A4-E67E-470A-B594-BA6FEB91139A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B09670C9-415F-4765-ABE6-AEEAE374966F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D97586E5-CAE9-4BC4-8287-4FAE814E7B18}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{50C80565-DB3E-4930-BE59-1C14455403BB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A32C32A1-F1BC-4EDF-AFA6-1A0E6E1B34E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{41FE58F4-C4D5-4550-8F37-1A466E593C54}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A159A600-0B55-4EC6-AA6D-494BB596D0DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{28426F0A-0DEE-44F8-9C8E-D3A23DC04867}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A93503D7-6CF1-43E6-9465-DDE021EE75E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{69558106-323B-4946-AEC2-6C20F6EBA44D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6720B044-010D-4FCD-9746-6230065349D8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A63538BB-F025-4461-8516-D76C8F0EACBE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{78F27E6E-CB15-444E-A355-172F39C5DD8F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{1A1BD38A-4155-462D-B323-A1D8355BD501}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{C6121F8C-6AF7-4FB2-932A-D8063D584857}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{D1B876CE-3DA3-4A22-8A50-E3DB3F14DDF4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

09-04-2017 17:44:27 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2017 05:44:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/09/2017 05:09:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\REBECC~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (04/09/2017 12:25:28 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 08:54:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/08/2017 08:54:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {8eb0b10d-fe85-4c31-bef4-fa7aa63b7234}

Error: (04/08/2017 10:59:50 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 09:29:45 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 08:58:12 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/08/2017 07:07:29 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

Error: (04/07/2017 01:16:52 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version: 8.1.10600.150
DPTF Build Date: Jun 26 2015 11:46:12
Source File: ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function: DptfEvent
Message: Received unexpected event
Framework Event: DptfResume [3]

System errors:
=============
Error: (04/09/2017 06:56:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:44:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/09/2017 05:44:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/09/2017 05:44:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:39:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/09/2017 05:38:44 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (04/09/2017 05:38:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

CodeIntegrity:
===================================
Date: 2017-02-23 15:14:12.340
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 16282.54 MB
Available physical RAM: 10739.71 MB
Total Virtual: 17306.54 MB
Available Virtual: 11867.19 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:118.48 GB) (Free:70.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:446.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DA6A0828)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: DDEB2A16)

Partition: GPT.

==================== End of Addition.txt ============================

Result of Security Analysis by Rocket Grannie (x86) Updated: 5th April, 2017
Running from:C:\Users\Rebecca Valentine\Downloads (20:27:35 - 04/09/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home Single Language X64
UAC is Enabled!
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Avira Antivirus (Disabled - Up to Date)
Windows Defender (Disabled - Up to Date)
Avira Antivirus (Disabled - Up to Date)
Windows Defender (Disabled - Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player 24 NPAPI is not installed
Google Chrome (version 55)
Malwarebytes Anti-Exploit (version 1.09.1.1291)
SUPERAntiSpyware (version 6)

CCleaner (version 5.26) is *out of Date*
Malwarebytes Anti-Exploit version (version 1.9.1.1334) is *out of Date*
Malwarebytes version (version 3.0.5.1299) is *out of Date*

***----------------Analysis Complete-------------------------***

Corrine · Apr 9, 2017

Hi, rebeccavalentine.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Open Notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the entire contents of the code box below into Notepad.

Code:

start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
U3 aswMBR; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswMBR.sys [62728 2017-03-19] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswVmm.sys [224896 2017-04-09] () <==== ATTENTION
U3 aswbdisk; no ImagePath
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X] 
C:\WINDOWS\system32\drivers\73FA0A2F.sys
AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15472250.sys => ""="Driver"
AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43893416.sys => ""="Driver"
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts: 
EmptyTemp:
end

Click Format and ensure Wordwrap is unchecked.
Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
- Please post the log in your next reply.

rebeccavalentine · Apr 10, 2017

Thank you so much for responding.

I have done as you said & posted the log below.

( As i had mentioned, I could not run malwarebytes & had asked for help in their forum. They asked me to update to a new version & as soon as i did, i was able to run the scan. But the scan results showed 1 rootkit ( system32 driver ) & 6 other "potentially unwanted programs". I deleted everything. When i again ran the scan, the results were clean. But my system showed me a driver error & after restarting it fixed the error by itself. But after restarting i could not open the Malwarebytes. Got the error "Unable to start service". Does this have anything to do with malware blocking the program from running? Ive asked help from their forum, but have not got any replies from them yet )

& i have one more doubt. so sorry for that. Whenever i run adw cleaner from malwarebytes, it always spots aol & ask toolbar & deletes them. But im very careful about not downloading any such toolbars. so how did they get in? why does this happen? I have attached the adwCleaner log file also, in the end.

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Rebecca Valentine (10-04-2017 02:20:58) Run:1
Running from C:\Users\Rebecca Valentine\Downloads\New
Loaded Profiles: Rebecca Valentine (Available Profiles: Rebecca Valentine)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
U3 aswMBR; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswMBR.sys [62728 2017-03-19] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Rebecca Valentine\AppData\Local\Temp\aswVmm.sys [224896 2017-04-09] () <==== ATTENTION
U3 aswbdisk; no ImagePath
S3 MBAMFarflt; \??\C:\WINDOWS\system32\drivers\farflt.sys [X]
C:\WINDOWS\system32\drivers\73FA0A2F.sys
AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15472250.sys => ""="Driver"
AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43893416.sys => ""="Driver"
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
aswMBR => service not found.
aswVmm => service not found.
HKLM\System\CurrentControlSet\Services\aswbdisk => key removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMFarflt => key removed successfully
MBAMFarflt => service removed successfully
"C:\WINDOWS\system32\drivers\73FA0A2F.sys" => not found.
"AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15472250.sys => ""="Driver"" => "AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15472250.sys => ""="Driver"" ADS not found.
"AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43893416.sys => ""="Driver"" => "AlternateDataStreams: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\43893416.sys => ""="Driver"" ADS not found.

========= netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

Could not move "C:\Windows\System32\Drivers\etc\hosts" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

BITS transfer queue => 41651 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 614332130 B
Java, Flash, Steam htmlcache => 717 B
Windows/system/drivers => 6666857 B
Edge => 14092 B
Chrome => 201878914 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 19682 B
NetworkService => 0 B
Rebecca Valentine => 531404964 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-04-2017 02:22:08)

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

==== End of Fixlog 02:22:08 ====

# AdwCleaner v6.045 - Logfile created 10/04/2017 at 11:46:54
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Windows 10 Home Single Language (X64)
# Username : Rebecca Valentine - REBECCA-VALENTI
# Running from : C:\Users\Rebecca Valentine\Downloads\Programs & Setup Files\adwcleaner_6.045.exe
# Mode: Clean
# Support : Malwarebytes | Customer Support & Help Center

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Rebecca Valentine\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: " Image File Execution Options" keys deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1692 Bytes] - [20/01/2017 02:21:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [1493 Bytes] - [20/01/2017 02:28:30]
C:\AdwCleaner\AdwCleaner[C3].txt - [1640 Bytes] - [21/01/2017 01:54:42]
C:\AdwCleaner\AdwCleaner[C4].txt - [1785 Bytes] - [21/01/2017 20:55:22]
C:\AdwCleaner\AdwCleaner[C5].txt - [2004 Bytes] - [09/04/2017 17:10:33]
C:\AdwCleaner\AdwCleaner[C6].txt - [1971 Bytes] - [09/04/2017 21:03:02]
C:\AdwCleaner\AdwCleaner[C7].txt - [1560 Bytes] - [10/04/2017 11:46:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [1657 Bytes] - [20/01/2017 01:56:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [1543 Bytes] - [20/01/2017 02:25:50]
C:\AdwCleaner\AdwCleaner[S2].txt - [1690 Bytes] - [21/01/2017 01:54:09]
C:\AdwCleaner\AdwCleaner[S3].txt - [1835 Bytes] - [21/01/2017 19:23:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [1775 Bytes] - [08/04/2017 12:01:17]
C:\AdwCleaner\AdwCleaner[S5].txt - [2054 Bytes] - [09/04/2017 17:10:25]
C:\AdwCleaner\AdwCleaner[S6].txt - [2016 Bytes] - [09/04/2017 18:36:16]
C:\AdwCleaner\AdwCleaner[S7].txt - [2089 Bytes] - [09/04/2017 21:02:24]
C:\AdwCleaner\AdwCleaner[S8].txt - [2419 Bytes] - [10/04/2017 09:46:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [2290 Bytes] ##########

rebeccavalentine · Apr 10, 2017

About Malwarebytes not starting up, I got reply from their forum. Now i can start it again. Thanks. ( i did not know how to edit my previous post, so had to post a new reply. )
Ive attached the log file required, in the previous post. Thanks again.

rebeccavalentine · Apr 10, 2017

Need help regarding Emsisoft! Please!

I have a gaming laptop ASUS, which i bought a month ago. Windows 10.

I use Avira free anti virus & MalwareBytes free version to run scans once a week.

But now i want to go for a paid version of anti malware along with using the avira free anti virus. I was keen on buying MB 3.0 premium version but i saw many complaints related to the latest version on their forum. I too got some bugs with MB 3.0 free version so decided against it.

Now, I am thinking about going for Emsisoft antimalware. But I saw some tests ( like AVTest ) which concluded that emsisoft does not block much threats & slows down the system. Is that true? Can it be trusted to protect my system fully?

& the only difference between Emsisoft Internet Security & Emsisoft Antimalware is that EIS includes a firewall. But isnt windows firewall safe enough to use? Do i actually need the Emsisoft firewall to complete total protection? ( Avira uses windows firewall but with modified settings )

And is EIS an antivirus as mentioned in their website? So it means it is going to clash with my avira AV & I need to uninstall Avira completely?
In case EIS acts like an anti virus, I should not go for other anti malware with real time protection like MB premium, or zemana premium which can clash with it right? Maybe i should use all these as on demand scanners alongside EIS?

What am i allowed to run beside EIS? ( IF it is necessary to have another layer of protection besides EIS )

Or maybe i should go for some antimalware other than EIS?

And what is this VoodooShield that i hear about? I dont seem to understand what it is, no matter how hard i try. Can someone please explain?

Can someone please help me out on this. Thanks in advance!

Corrine · Apr 10, 2017

Re: Need help regarding Emsisoft! Please!

Is this the same laptop as your other topic? Am i still infected? What should i do?

Corrine · Apr 10, 2017

From our posting instructions:

We also request that you do not run any tools or fixes unless instructed once you've posted; if we're unable to keep track of which tools have been run it makes it harder for us, and ultimately you, to get the machine back up and repaired.

Yes, I saw that you had an older version of Malwarebytes but it was intending on addressing that after you had followed the instructions I posted.

Regarding AdwCleaner, what is the default search engine you have set in Google Chrome? (Got to Settings > Search)

rebeccavalentine · Apr 11, 2017

Corrine said:
From our posting instructions:

We also request that you do not run any tools or fixes unless instructed once you've posted; if we're unable to keep track of which tools have been run it makes it harder for us, and ultimately you, to get the machine back up and repaired.

Click to expand...

Yes, I saw that you had an older version of Malwarebytes but it was intending on addressing that after you had followed the instructions I posted.

Regarding AdwCleaner, what is the default search engine you have set in Google Chrome? (Got to Settings > Search)

Okay. got that :)

Reg MB 3.0. Now its all okay.

Oh god. Thanks a ton seriously. Though google was set as the default search engine, other options were not removed from the list of search engines which included Yahoo, ASK, & AOL. Now i have removed all of them & have only option which is google. Thank you so much for this.

& about the Fix Result FRST log which i posted ( #6) , after doing what you told me to.. Is everything alright with it?

& thank you for responding this fast. Thanks a ton really :)

rebeccavalentine · Apr 11, 2017

Re: Need help regarding Emsisoft! Please!

Yes. Its the same laptop I was talking about.

After ensuring myself that my system is totally clean, I want to go for a strong AV/ AM this time. That is why I am testing which one will be good for me. :)

thanks.

rebeccavalentine · Apr 11, 2017

& suddenly, Certain websites wont load no matter whatever i do. Does this have something to do with Malware? If i use proxy, they load. But on my own connection, certain websites never load. I dont use router. I use internet via 4G provider. please help

Corrine · Apr 11, 2017

Hi, rebeccavalentine.

Your questions regarding security software have been merged to this thread. A paid/licensed antivirus software is fine but it would not have made a difference in this situation:

Yesterday, I had a college presentation & had to plug in my friend's pendrive which had lots of viruses. I did not want to, but had to click on the shortcut virus to open her files since i was standing in front of the whole class & i had to give the presentation. It also had an autorun virus along with others. I could not unplug the pendrive until i finished with my presentation.

You were fortunate that the infection was such that you were even able to finish your presentation. I hope your friend has destroyed the pendrive and has checked their computer for infection. There are antivirus suites which include a firewall and other features and there are also licensed stand-alone antivirus programs. As to which to select, that is a personal decision.

1) Please disable autoplay: Open Settings > Autoplay > Change the setting for removal drive to "Ask me every time".

2) Please do an online scan with ESET:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.

Please go here, download the ESET Smart Installer, and save it to your desktop.
Double-click on the ESET Smart Installer you just downloaded.
Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
- Remove found threats
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
When the scan completes, click List Found Threats (only if anything is found).
Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click

, then click

to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

rebeccavalentine · Apr 12, 2017

It found no threats. The results are clean.

But i dont know how to export the log. The options for it, are nowhere to be seen. There is nothing in the final screen except for the finish button.

Thank you, corrine. :)

Corrine · Apr 12, 2017

Nothing to see then since nothing was found. :thumbsup2:

Getting back to your question about antivirus software programs, everyone has a personal preference. I'm a "safe surfer" and don't share pendrives

. My preference for free antivirus software on Windows 10 is Windows Defender with the addition of Malwarebytes Pro. For a paid/licensed antivirus, I prefer ESET, which has multiple options, ESET NOD32, which is the stand-along A/V program or various suites: Antivirus and Internet Security for Windows | ESET.

If everything is back to normal, let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:

Remove disinfection tools
Create registry backup
Purge system restore
Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

rebeccavalentine · Apr 14, 2017

Yayy!!

so this means my system is clean? :)

I hate the word pen drive now

Okay. Will run this & update the log soon! :)
Thank you so so so much for your help.. :)

( Ever since i was infected, some websites seem to have stopped working for me. They dont load in my system. Whereas they load properly when i use proxy or use my ipad with the same network. Does this have anything to do with malware? )

rebeccavalentine · Apr 14, 2017

From what i know, this tool Delfix is meant to remove all the cleaning tools like FRST right?

Corrine · Apr 14, 2017

Yes, that is what Delfix does -- both the tools and the logs.

rebeccavalentine · Apr 16, 2017

Thanks Corrine, I have done what you asked me to.
Now can i assure myself that my system is clean?

Am i still infected? What should i do?

Active member

Active member

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Administrator, Microsoft MVP, Security Analyst

Active member

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Active member

Administrator, Microsoft MVP, Security Analyst

Active member

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst