Jump to content

Potential Malware


Recommended Posts

Dear to whom it may concern

To give it a bit of backstory I recently downloaded (Paint.net) from their official website and being very careful before I downloaded it I first scanned the url on virus scanner and it said it was safe I then downloaded the file and scanned it on virus total and I said it was safe. I then scanned with Malwarebytes like I normally do after installing something. When I came back after the scan I found that I had one malware detected in my file C:\Users\User\AppData\Roaming\.minecraft\saves\60seconds the malware was called CrackTool.Agent in a frenzy I quickyl uninstalled the paint.net in control panel then I deleted the file on Malwarebytes so incase it couldnt come back and deleted the 60 seconds away. I removed all my browsing history so incase they can't go and get my passwords. I changed my passwords to all my bare essential accounts on another secure device. I logged out on all my accounts which I needed to also on the pc so now I am currently scanning with Malwarebytes and Windows Defender. I want to know what I can do to make sure my pc is not compromised and I googled abit and heard that Malwarebytes sometimes misidentifies cracks but I am not sure I rather be better safe than sorry.

-Wolfsi

Link to post
Share on other sites

Hello Wolfsi21 and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.


Let me see those logs in your reply...

Thank you,

Kevin...
Link to post
Share on other sites

Thanks for reply so fast Kevin

1. Ok so I first have shown all hidden files Done

2. Downloaded the RKiller this is what is says:

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/25/2016 10:00:06 PM in x64 mode.
Windows Version: Windows 10 Home Single Language 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 09/25/2016 10:03:34 PM
Execution time: 0 hours(s), 3 minute(s), and 27 seconds(s)
3. This is after I deleted everything 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-09-25
Scan Time: 09:05 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.25.06
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333265
Time Elapsed: 51 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)\

This is from the malicious scan but since I have deleted a couple of things stated in the post higher

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-09-25
Scan Time: 07:35 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.25.04
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333668
Time Elapsed: 35 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
CrackTool.Agent, C:\Users\User\AppData\Roaming\.minecraft\saves\60 Seconds v1.0.42\steam_api.dll, Quarantined, [f5636f078f0b4fe7c8b0df0e36cec13f], 

Physical Sectors: 0
(No malicious items detected)


(end)

4. I just ran the  Farbar Recovery Scan Tool and here is results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by User (administrator) on CONNORPC (25-09-2016 22:12:27)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1841088 2016-09-02] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-04] (Razer Inc.)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600320 2015-08-13] (Razer Inc)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-06] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2858272 2016-09-20] (Valve Corporation)
HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-05-16] (Electronic Arts)
HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\...\MountPoints2: {717fd77c-1c8b-11e5-824e-806e6f6e6963} - "E:\autorun.exe" 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{dfc197c6-dc94-46c2-8971-385ba2350bf6}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2820685085-2590210468-4070006062-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2820685085-2590210468-4070006062-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0DDE3986-D26C-4F4A-80E1-77E175353D5A}&mid=42bfb59213c947cda1efd16abeba7383-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0715tb&pr=fr&d=2015-07-16 14:23:57&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-10] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-10] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Profile 2 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2016-06-03]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-09-25]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-03]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-03]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-03]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-08-22]
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-22]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-22]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-22]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-22]
CHR Extension: (Bing) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-08-22]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-22]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-22]
CHR Extension: (Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-22]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2016-08-23]
CHR HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-11-04] (EasyAntiCheat Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457152 2016-09-02] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457152 2016-09-02] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-02] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-05-16] (Electronic Arts)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-06-20] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49272 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d3851cb7c8216f9e\nvlddmkm.sys [14216760 2016-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-09-02] (NVIDIA Corporation)
R3 RTL8023x64; C:\Windows\System32\drivers\Rtnic64.sys [52736 2009-07-23] (Realtek Semiconductor Corporation                           )
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-06-23] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [47640 2016-06-23] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 WCMVCAM; C:\Windows\system32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [55128 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 22:12 - 2016-09-25 22:13 - 00021383 _____ C:\Users\User\Downloads\FRST.txt
2016-09-25 22:11 - 2016-09-25 22:12 - 00000000 ____D C:\FRST
2016-09-25 22:09 - 2016-09-25 22:11 - 02403328 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-09-25 22:00 - 2016-09-25 22:03 - 00003632 _____ C:\Users\User\Desktop\Rkill.txt
2016-09-25 21:57 - 2016-09-25 21:59 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.exe
2016-09-25 19:24 - 2016-09-25 21:04 - 00000000 ____D C:\Program Files\paint.net
2016-09-25 19:24 - 2016-09-25 19:26 - 00000000 ____D C:\Users\User\AppData\Local\paint.net
2016-09-24 14:19 - 2016-09-24 14:19 - 00000000 ____D C:\Users\User\AppData\Roaming\NVIDIA
2016-09-23 17:34 - 2016-09-23 17:34 - 00000000 ____D C:\WINDOWS\Panther
2016-09-22 13:06 - 2016-09-22 13:06 - 01823663 _____ C:\Users\User\Documents\HUDSON FEES 2016 - jackiebolivier@gmail.com - Gmail.html
2016-09-22 13:06 - 2016-09-22 13:06 - 00000000 ____D C:\Users\User\Documents\HUDSON FEES 2016 - jackiebolivier@gmail.com - Gmail_files
2016-09-22 06:25 - 2016-09-22 06:25 - 00000000 ____D C:\ProgramData\Gaijin
2016-09-21 17:08 - 2016-09-21 17:14 - 35381892 _____ C:\Users\User\Downloads\Hitler's Rant - Original Video with English Subtitles Film DownfallDer Untergang - HD.mp4
2016-09-21 15:23 - 2016-09-21 15:23 - 00000000 ____D C:\Users\User\Desktop\Summaries For Term 1-4 Grade 9 Exams
2016-09-21 07:05 - 2016-09-25 12:22 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2016-09-20 16:51 - 2016-09-20 16:51 - 00000222 _____ C:\Users\User\Desktop\War Thunder.url
2016-09-20 07:29 - 2016-09-07 07:37 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-09-20 07:29 - 2016-09-07 07:32 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-09-20 07:29 - 2016-09-07 07:30 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-09-20 07:29 - 2016-09-07 07:27 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-09-20 07:29 - 2016-09-07 07:20 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-20 07:29 - 2016-09-07 07:18 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-09-20 07:29 - 2016-09-07 07:18 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-09-20 07:29 - 2016-09-07 07:17 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-20 07:29 - 2016-09-07 07:17 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-20 07:29 - 2016-09-07 07:17 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-09-20 07:29 - 2016-09-07 07:17 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-09-20 07:29 - 2016-09-07 07:16 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-09-20 07:29 - 2016-09-07 07:13 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-09-20 07:29 - 2016-09-07 07:09 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-20 07:29 - 2016-09-07 07:04 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-20 07:29 - 2016-09-07 06:59 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-09-20 07:29 - 2016-09-07 06:58 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-09-20 07:29 - 2016-09-07 06:57 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-09-20 07:29 - 2016-09-07 06:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-09-20 07:29 - 2016-09-07 06:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-09-20 07:29 - 2016-09-07 06:55 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-09-20 07:29 - 2016-09-07 06:54 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-09-20 07:29 - 2016-09-07 06:54 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-09-20 07:29 - 2016-09-07 06:53 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-09-20 07:29 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-09-20 07:29 - 2016-09-07 06:52 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-20 07:29 - 2016-09-07 06:51 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-20 07:29 - 2016-09-07 06:51 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-20 07:29 - 2016-09-07 06:50 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-09-20 07:29 - 2016-09-07 06:50 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-09-20 07:29 - 2016-09-07 06:50 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-20 07:29 - 2016-09-07 06:50 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-09-20 07:29 - 2016-09-07 06:49 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-09-20 07:29 - 2016-09-07 06:49 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-09-20 07:29 - 2016-09-07 06:47 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-09-20 07:29 - 2016-09-07 06:47 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-09-20 07:29 - 2016-09-07 06:46 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-20 07:29 - 2016-09-07 06:46 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-09-20 07:29 - 2016-09-07 06:46 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-09-20 07:29 - 2016-09-07 06:45 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-20 07:29 - 2016-09-07 06:45 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-09-20 07:29 - 2016-09-07 06:45 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-20 07:29 - 2016-09-07 06:45 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-09-20 07:29 - 2016-09-07 06:45 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-09-20 07:29 - 2016-09-07 06:45 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-09-20 07:29 - 2016-09-07 06:45 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-09-20 07:29 - 2016-09-07 06:44 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-09-20 07:29 - 2016-09-07 06:43 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-20 07:29 - 2016-09-07 06:43 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-20 07:29 - 2016-09-07 06:42 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-20 07:29 - 2016-09-07 06:42 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-09-20 07:29 - 2016-09-07 06:41 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-09-20 07:29 - 2016-09-07 06:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-20 07:29 - 2016-09-07 06:41 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-09-20 07:29 - 2016-09-07 06:40 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-20 07:29 - 2016-09-07 06:40 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-09-20 07:29 - 2016-09-07 06:39 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-09-20 07:29 - 2016-09-07 06:37 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-09-20 07:29 - 2016-09-07 06:36 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-20 07:29 - 2016-09-07 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-09-20 07:29 - 2016-09-07 06:35 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-09-20 07:29 - 2016-09-07 06:35 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-20 07:29 - 2016-09-07 06:35 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-09-20 07:29 - 2016-09-07 06:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-09-20 07:29 - 2016-09-07 06:34 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-09-20 07:29 - 2016-09-07 06:34 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-09-20 07:29 - 2016-09-07 06:34 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-09-20 07:29 - 2016-09-07 06:34 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-09-20 07:29 - 2016-09-07 06:34 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-09-20 07:29 - 2016-09-07 06:34 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-09-20 07:29 - 2016-09-07 06:33 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-20 07:29 - 2016-09-07 06:33 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-09-20 07:29 - 2016-09-07 06:33 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-09-20 07:29 - 2016-09-07 06:33 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-09-20 07:29 - 2016-09-07 06:33 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-09-20 07:29 - 2016-09-07 06:32 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-09-20 07:29 - 2016-09-07 06:32 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-09-20 07:29 - 2016-09-07 06:31 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-09-20 07:29 - 2016-09-07 06:31 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-09-20 07:29 - 2016-09-07 06:31 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll
2016-09-20 07:29 - 2016-08-06 05:48 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-09-20 07:29 - 2016-08-06 05:42 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-20 07:29 - 2016-08-06 05:37 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-20 07:29 - 2016-08-06 05:29 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-09-20 07:29 - 2016-08-02 06:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-09-20 07:29 - 2016-08-02 06:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-20 07:29 - 2016-08-02 06:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-09-20 07:29 - 2016-08-02 06:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-09-20 07:28 - 2016-09-07 08:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-20 07:28 - 2016-09-07 07:30 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-09-20 07:28 - 2016-09-07 07:27 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-09-20 07:28 - 2016-09-07 07:17 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-20 07:28 - 2016-09-07 07:15 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-09-20 07:28 - 2016-09-07 07:15 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-20 07:28 - 2016-09-07 07:13 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-09-20 07:28 - 2016-09-07 07:13 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-20 07:28 - 2016-09-07 07:13 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-09-20 07:28 - 2016-09-07 07:13 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-09-20 07:28 - 2016-09-07 07:12 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-09-20 07:28 - 2016-09-07 07:07 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-09-20 07:28 - 2016-09-07 07:00 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-09-20 07:28 - 2016-09-07 07:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-09-20 07:28 - 2016-09-07 06:59 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-09-20 07:28 - 2016-09-07 06:59 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-09-20 07:28 - 2016-09-07 06:59 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-09-20 07:28 - 2016-09-07 06:58 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-09-20 07:28 - 2016-09-07 06:58 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-09-20 07:28 - 2016-09-07 06:57 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-09-20 07:28 - 2016-09-07 06:56 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-09-20 07:28 - 2016-09-07 06:55 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-09-20 07:28 - 2016-09-07 06:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-09-20 07:28 - 2016-09-07 06:54 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-09-20 07:28 - 2016-09-07 06:53 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-20 07:28 - 2016-09-07 06:53 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-09-20 07:28 - 2016-09-07 06:52 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-09-20 07:28 - 2016-09-07 06:52 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-09-20 07:28 - 2016-09-07 06:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-09-20 07:28 - 2016-09-07 06:52 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-09-20 07:28 - 2016-09-07 06:52 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-20 07:28 - 2016-09-07 06:52 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-20 07:28 - 2016-09-07 06:50 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-09-20 07:28 - 2016-09-07 06:50 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-09-20 07:28 - 2016-09-07 06:49 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-09-20 07:28 - 2016-09-07 06:49 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-20 07:28 - 2016-09-07 06:47 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-09-20 07:28 - 2016-09-07 06:46 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-09-20 07:28 - 2016-09-07 06:46 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-09-20 07:28 - 2016-09-07 06:45 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-20 07:28 - 2016-09-07 06:44 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-20 07:28 - 2016-09-07 06:44 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-09-20 07:28 - 2016-09-07 06:42 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-09-20 07:28 - 2016-09-07 06:41 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-09-20 07:28 - 2016-09-07 06:39 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-20 07:28 - 2016-09-07 06:39 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-09-20 07:28 - 2016-09-07 06:39 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-09-20 07:28 - 2016-09-07 06:39 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-09-20 07:28 - 2016-09-07 06:37 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-20 07:28 - 2016-09-07 06:37 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-09-20 07:28 - 2016-09-07 06:36 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-09-20 07:28 - 2016-09-07 06:36 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-09-20 07:28 - 2016-09-07 06:35 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-09-20 07:28 - 2016-09-07 06:35 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-09-20 07:28 - 2016-09-07 06:34 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-09-20 07:28 - 2016-09-07 06:34 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-09-20 07:28 - 2016-09-07 06:34 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-09-20 07:28 - 2016-09-07 06:11 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-09-20 07:28 - 2016-08-06 05:50 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-20 07:28 - 2016-08-06 05:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-20 07:26 - 2016-09-07 07:53 - 02183792 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-09-20 07:26 - 2016-09-07 07:46 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-09-20 07:26 - 2016-09-07 07:44 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-20 07:26 - 2016-09-07 07:44 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-20 07:26 - 2016-09-07 07:39 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-20 07:26 - 2016-09-07 07:36 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-20 07:26 - 2016-09-07 07:34 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-20 07:26 - 2016-09-07 07:34 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-20 07:26 - 2016-09-07 07:34 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-20 07:26 - 2016-09-07 07:34 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-20 07:26 - 2016-09-07 07:34 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-20 07:26 - 2016-09-07 07:33 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-20 07:26 - 2016-09-07 07:33 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-20 07:26 - 2016-09-07 07:29 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-20 07:26 - 2016-09-07 07:29 - 08156592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-20 07:26 - 2016-09-07 07:29 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-20 07:26 - 2016-09-07 07:25 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-20 07:26 - 2016-09-07 07:24 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-20 07:26 - 2016-09-07 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-09-20 07:26 - 2016-09-07 07:02 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-09-20 07:26 - 2016-09-07 07:02 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-09-20 07:26 - 2016-09-07 07:02 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-09-20 07:26 - 2016-09-07 07:02 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-09-20 07:26 - 2016-09-07 07:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-09-20 07:26 - 2016-09-07 07:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-09-20 07:26 - 2016-09-07 07:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-09-20 07:26 - 2016-09-07 07:01 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-09-20 07:26 - 2016-09-07 07:01 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-09-20 07:26 - 2016-09-07 06:59 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-09-20 07:26 - 2016-09-07 06:59 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-09-20 07:26 - 2016-09-07 06:59 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-09-20 07:26 - 2016-09-07 06:58 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-09-20 07:26 - 2016-09-07 06:58 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-09-20 07:26 - 2016-09-07 06:58 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-09-20 07:26 - 2016-09-07 06:56 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-09-20 07:26 - 2016-09-07 06:56 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-20 07:26 - 2016-09-07 06:56 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-09-20 07:26 - 2016-09-07 06:55 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-09-20 07:26 - 2016-09-07 06:55 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-09-20 07:26 - 2016-09-07 06:55 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-20 07:26 - 2016-09-07 06:55 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-09-20 07:26 - 2016-09-07 06:54 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-09-20 07:26 - 2016-09-07 06:54 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-09-20 07:26 - 2016-09-07 06:54 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-09-20 07:26 - 2016-09-07 06:54 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-09-20 07:26 - 2016-09-07 06:54 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-09-20 07:26 - 2016-09-07 06:53 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-09-20 07:26 - 2016-09-07 06:53 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-20 07:26 - 2016-09-07 06:53 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-20 07:26 - 2016-09-07 06:52 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-20 07:26 - 2016-09-07 06:52 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-20 07:26 - 2016-09-07 06:52 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-09-20 07:26 - 2016-09-07 06:51 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-09-20 07:26 - 2016-09-07 06:51 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-20 07:26 - 2016-09-07 06:50 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-20 07:26 - 2016-09-07 06:49 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-20 07:26 - 2016-09-07 06:49 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-20 07:26 - 2016-09-07 06:49 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-20 07:26 - 2016-09-07 06:49 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-09-20 07:26 - 2016-09-07 06:49 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-09-20 07:26 - 2016-09-07 06:47 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-20 07:26 - 2016-09-07 06:46 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-20 07:26 - 2016-09-07 06:45 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-20 07:26 - 2016-09-07 06:45 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-09-20 07:26 - 2016-09-07 06:41 - 08122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-20 07:26 - 2016-09-07 06:41 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-20 07:26 - 2016-09-07 06:41 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-20 07:26 - 2016-09-07 06:41 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-09-20 07:26 - 2016-09-07 06:41 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-20 07:26 - 2016-09-07 06:40 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-09-20 07:26 - 2016-09-07 06:40 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-09-20 07:26 - 2016-09-07 06:40 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-09-20 07:26 - 2016-09-07 06:40 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-20 07:26 - 2016-09-07 06:39 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-09-20 07:26 - 2016-09-07 06:39 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-20 07:26 - 2016-09-07 06:38 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-20 07:26 - 2016-09-07 06:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-09-20 07:26 - 2016-09-07 06:38 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-20 07:26 - 2016-09-07 06:38 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-09-20 07:26 - 2016-09-07 06:38 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-20 07:26 - 2016-09-07 06:37 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-20 07:26 - 2016-09-07 06:37 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-09-20 07:26 - 2016-09-07 06:37 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-09-20 07:26 - 2016-09-07 06:37 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-20 07:26 - 2016-09-07 06:37 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-09-20 07:26 - 2016-09-07 06:36 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-09-20 07:26 - 2016-09-07 06:35 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-20 07:26 - 2016-09-07 06:35 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-09-20 07:26 - 2016-09-07 06:35 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-09-20 07:26 - 2016-09-07 06:34 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-20 07:26 - 2016-08-06 06:26 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-09-20 07:26 - 2016-08-06 06:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-20 07:26 - 2016-08-06 05:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-20 07:26 - 2016-08-06 05:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-09-20 07:26 - 2016-08-06 05:43 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-20 07:26 - 2016-08-06 05:40 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-20 07:26 - 2016-08-06 05:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-20 07:26 - 2016-08-06 05:38 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-09-20 07:26 - 2016-08-06 05:35 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-20 07:26 - 2016-08-02 10:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-09-20 07:26 - 2016-08-02 10:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-20 07:26 - 2016-08-02 10:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-20 07:26 - 2016-08-02 10:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-20 07:26 - 2016-08-02 10:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-09-20 07:26 - 2016-08-02 10:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-09-20 07:26 - 2016-08-02 10:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-20 07:25 - 2016-09-07 07:54 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-20 07:25 - 2016-09-07 07:54 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-20 07:25 - 2016-09-07 07:54 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-20 07:25 - 2016-09-07 07:53 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-09-20 07:25 - 2016-09-07 07:51 - 02214784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-09-20 07:25 - 2016-09-07 07:51 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-20 07:25 - 2016-09-07 07:51 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-20 07:25 - 2016-09-07 07:50 - 07813472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-20 07:25 - 2016-09-07 07:50 - 00773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-20 07:25 - 2016-09-07 07:48 - 02256224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-20 07:25 - 2016-09-07 07:48 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-09-20 07:25 - 2016-09-07 07:44 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-20 07:25 - 2016-09-07 07:41 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-20 07:25 - 2016-09-07 07:34 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-20 07:25 - 2016-09-07 07:34 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-20 07:25 - 2016-09-07 07:34 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-20 07:25 - 2016-09-07 07:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-09-20 07:25 - 2016-09-07 07:33 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-09-20 07:25 - 2016-09-07 07:33 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-20 07:25 - 2016-09-07 07:32 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-20 07:25 - 2016-09-07 07:32 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-20 07:25 - 2016-09-07 07:30 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-09-20 07:25 - 2016-09-07 07:29 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-09-20 07:25 - 2016-09-07 07:29 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-09-20 07:25 - 2016-09-07 07:24 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-20 07:25 - 2016-09-07 07:24 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-20 07:25 - 2016-09-07 07:24 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-09-20 07:25 - 2016-09-07 07:24 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-20 07:25 - 2016-09-07 07:08 - 07220224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-20 07:25 - 2016-09-07 07:04 - 22566400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-20 07:25 - 2016-09-07 07:04 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-09-20 07:25 - 2016-09-07 07:03 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-20 07:25 - 2016-09-07 07:03 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-09-20 07:25 - 2016-09-07 07:03 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-09-20 07:25 - 2016-09-07 07:03 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-09-20 07:25 - 2016-09-07 07:03 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-09-20 07:25 - 2016-09-07 07:02 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-09-20 07:25 - 2016-09-07 07:02 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-09-20 07:25 - 2016-09-07 07:02 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-09-20 07:25 - 2016-09-07 07:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-09-20 07:25 - 2016-09-07 07:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-09-20 07:25 - 2016-09-07 07:02 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-09-20 07:25 - 2016-09-07 07:00 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-09-20 07:25 - 2016-09-07 07:00 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-09-20 07:25 - 2016-09-07 06:59 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-09-20 07:25 - 2016-09-07 06:59 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-09-20 07:25 - 2016-09-07 06:59 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-09-20 07:25 - 2016-09-07 06:59 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-09-20 07:25 - 2016-09-07 06:58 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-09-20 07:25 - 2016-09-07 06:56 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-09-20 07:25 - 2016-09-07 06:56 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-09-20 07:25 - 2016-09-07 06:56 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-09-20 07:25 - 2016-09-07 06:56 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-09-20 07:25 - 2016-09-07 06:56 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-09-20 07:25 - 2016-09-07 06:55 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-09-20 07:25 - 2016-09-07 06:55 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-20 07:25 - 2016-09-07 06:55 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-09-20 07:25 - 2016-09-07 06:55 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-09-20 07:25 - 2016-09-07 06:55 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-20 07:25 - 2016-09-07 06:55 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-09-20 07:25 - 2016-09-07 06:55 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-09-20 07:25 - 2016-09-07 06:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-20 07:25 - 2016-09-07 06:54 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-09-20 07:25 - 2016-09-07 06:54 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-09-20 07:25 - 2016-09-07 06:54 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-09-20 07:25 - 2016-09-07 06:54 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-09-20 07:25 - 2016-09-07 06:53 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-09-20 07:25 - 2016-09-07 06:53 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-09-20 07:25 - 2016-09-07 06:52 - 17187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-20 07:25 - 2016-09-07 06:51 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-20 07:25 - 2016-09-07 06:49 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-20 07:25 - 2016-09-07 06:48 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-20 07:25 - 2016-09-07 06:48 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-09-20 07:25 - 2016-09-07 06:48 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-20 07:25 - 2016-09-07 06:48 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-20 07:25 - 2016-09-07 06:48 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-20 07:25 - 2016-09-07 06:47 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-09-20 07:25 - 2016-09-07 06:47 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-20 07:25 - 2016-09-07 06:47 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-20 07:25 - 2016-09-07 06:47 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-09-20 07:25 - 2016-09-07 06:46 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-20 07:25 - 2016-09-07 06:45 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-20 07:25 - 2016-09-07 06:45 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-20 07:25 - 2016-09-07 06:44 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-20 07:25 - 2016-09-07 06:44 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-20 07:25 - 2016-09-07 06:44 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-20 07:25 - 2016-09-07 06:43 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-20 07:25 - 2016-09-07 06:43 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-20 07:25 - 2016-09-07 06:42 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-09-20 07:25 - 2016-09-07 06:41 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-09-20 07:25 - 2016-09-07 06:41 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-09-20 07:25 - 2016-09-07 06:41 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-09-20 07:25 - 2016-09-07 06:41 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-09-20 07:25 - 2016-09-07 06:41 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-20 07:25 - 2016-09-07 06:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-09-20 07:25 - 2016-09-07 06:40 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-09-20 07:25 - 2016-09-07 06:40 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-20 07:25 - 2016-09-07 06:40 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-09-20 07:25 - 2016-09-07 06:40 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-20 07:25 - 2016-09-07 06:40 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-20 07:25 - 2016-09-07 06:40 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-09-20 07:25 - 2016-09-07 06:39 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-20 07:25 - 2016-09-07 06:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-20 07:25 - 2016-09-07 06:38 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-20 07:25 - 2016-09-07 06:38 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-20 07:25 - 2016-09-07 06:38 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-20 07:25 - 2016-09-07 06:38 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-20 07:25 - 2016-09-07 06:38 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-09-20 07:25 - 2016-09-07 06:37 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-09-20 07:25 - 2016-09-07 06:37 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-09-20 07:25 - 2016-09-07 06:37 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-20 07:25 - 2016-09-07 06:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-20 07:25 - 2016-09-07 06:37 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-09-20 07:25 - 2016-09-07 06:37 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-09-20 07:25 - 2016-09-07 06:37 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-20 07:25 - 2016-09-07 06:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-09-20 07:25 - 2016-09-07 06:33 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-20 07:25 - 2016-08-06 06:13 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-20 07:25 - 2016-08-06 05:48 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-20 07:25 - 2016-08-06 05:39 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-20 07:25 - 2016-07-22 03:27 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-20 07:25 - 2016-07-22 03:27 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-20 07:25 - 2016-07-22 02:49 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-20 07:24 - 2016-09-07 07:55 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-09-20 07:24 - 2016-09-07 07:54 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-20 07:24 - 2016-09-07 07:49 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-20 07:24 - 2016-09-07 07:43 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-20 07:24 - 2016-09-07 07:41 - 00303968 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-09-20 07:24 - 2016-09-07 07:39 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-20 07:24 - 2016-09-07 07:36 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-09-20 07:24 - 2016-09-07 07:34 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-09-20 07:24 - 2016-09-07 07:32 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-20 07:24 - 2016-09-07 07:32 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-20 07:24 - 2016-09-07 07:32 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-20 07:24 - 2016-09-07 07:32 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-20 07:24 - 2016-09-07 07:29 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-09-20 07:24 - 2016-09-07 06:59 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-09-20 07:24 - 2016-09-07 06:58 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-09-20 07:24 - 2016-09-07 06:56 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-09-20 07:24 - 2016-09-07 06:55 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-20 07:24 - 2016-09-07 06:52 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-20 07:24 - 2016-09-07 06:52 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-20 07:24 - 2016-09-07 06:46 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-09-20 07:24 - 2016-09-07 06:45 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-20 07:24 - 2016-09-07 06:41 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-20 07:24 - 2016-09-07 06:41 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-20 07:24 - 2016-09-07 06:39 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-09-20 07:24 - 2016-09-07 06:39 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-20 07:24 - 2016-09-07 06:38 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-09-20 07:24 - 2016-08-06 06:16 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-09-20 07:24 - 2016-08-06 06:16 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-09-19 15:06 - 2016-09-19 15:06 - 00237959 _____ C:\Users\User\Downloads\ClownfishVoiceChanger-v1.60.ts3_plugin
2016-09-18 11:06 - 2016-09-19 18:08 - 00000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2016-09-18 10:32 - 2016-09-18 10:32 - 00000128 ____H C:\Users\User\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-09-18 10:32 - 2016-09-18 10:32 - 00000128 ____H C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2016-09-18 10:32 - 2016-09-18 10:32 - 00000000 ____D C:\Users\User\AppData\Roaming\iSpring Solutions
2016-09-18 10:26 - 2016-09-18 10:30 - 23998464 _____ C:\Users\User\Downloads\ispring_free_cam_8_3_0.msi
2016-09-18 10:19 - 2016-09-18 10:20 - 02496800 _____ (Beepa Pty Ltd) C:\Users\User\Downloads\setup.exe
2016-09-13 17:59 - 2016-09-13 18:01 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2016-09-13 17:59 - 2016-09-13 17:59 - 00001782 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-13 17:59 - 2016-09-13 17:59 - 00000000 ____D C:\Users\User\AppData\Local\Apple Computer
2016-09-13 17:59 - 2016-09-13 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-13 17:58 - 2016-09-13 17:59 - 00000000 ____D C:\Program Files\iTunes
2016-09-13 17:58 - 2016-09-13 17:58 - 00000000 ____D C:\ProgramData\Apple Computer
2016-09-13 17:58 - 2016-09-13 17:58 - 00000000 ____D C:\Program Files\iPod
2016-09-13 17:58 - 2016-09-13 17:58 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-09-13 17:52 - 2016-09-13 17:52 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-13 17:52 - 2016-09-13 17:52 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-09-13 17:52 - 2016-09-13 17:52 - 00000000 ____D C:\Users\User\AppData\Local\Apple
2016-09-13 17:52 - 2016-09-13 17:52 - 00000000 ____D C:\Program Files\Bonjour
2016-09-13 17:52 - 2016-09-13 17:52 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-09-13 17:52 - 2016-09-13 17:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-09-13 17:51 - 2016-09-13 17:58 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-09-13 17:51 - 2016-09-13 17:52 - 00000000 ____D C:\ProgramData\Apple
2016-09-13 17:20 - 2016-09-13 17:51 - 170493768 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes6464Setup.exe
2016-09-12 17:56 - 2016-09-14 09:26 - 00000000 ____D C:\Users\User\Desktop\English Newspaper Article
2016-09-11 08:17 - 2016-09-11 08:17 - 00002274 _____ C:\Users\User\Desktop\Cricket2009 - Shortcut.lnk
2016-09-11 08:14 - 2016-09-22 06:31 - 00000000 ____D C:\Users\User\Documents\My Games
2016-09-11 08:07 - 2016-09-11 08:07 - 00000000 ____D C:\Program Files (x86)\Codemasters
2016-09-11 07:59 - 2016-09-11 07:59 - 00221662 _____ C:\Users\User\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2016-09-11 07:16 - 2016-08-25 22:53 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-09-11 07:15 - 2016-09-19 18:08 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-09-11 07:15 - 2016-05-04 04:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-09-11 07:15 - 2016-05-04 04:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-09-11 07:15 - 2016-05-04 04:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-09-11 07:15 - 2016-05-04 04:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-09-11 07:11 - 2016-09-11 07:11 - 00003442 _____ C:\WINDOWS\System32\Tasks\{52320180-D905-4C4D-A196-A220696BB388}
2016-09-11 07:10 - 2016-08-26 01:27 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 35180992 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 34842680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 28238904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 10865888 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 10746896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 10288040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 09094048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 08875408 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 08687888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 02912192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 02549184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437270.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 01586560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437270.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 01020472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 00958008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 00941504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 00894520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 00686712 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-09-11 07:10 - 2016-08-26 01:27 - 00576168 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-09-10 21:19 - 2016-09-10 21:19 - 00003922 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-10 21:19 - 2016-09-10 21:19 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-09-10 21:19 - 2016-09-02 13:17 - 01841088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-09-10 21:19 - 2016-09-02 13:17 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-09-10 21:19 - 2016-09-02 13:17 - 01448384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-09-10 21:19 - 2016-09-02 13:17 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-09-10 21:19 - 2016-09-02 13:17 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-09-10 21:18 - 2016-09-10 21:18 - 00003986 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-10 21:18 - 2016-09-10 21:18 - 00003958 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-10 21:18 - 2016-09-10 21:18 - 00003896 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-10 21:18 - 2016-09-10 21:18 - 00003692 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-09-10 21:18 - 2016-09-02 13:17 - 00104384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-09-10 21:18 - 2016-09-02 13:17 - 00094144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-09-10 21:18 - 2016-09-02 13:17 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-09-10 21:18 - 2016-09-02 13:03 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-09-10 20:54 - 2016-09-10 20:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun
2016-09-10 20:54 - 2016-09-10 20:54 - 00000000 ____D C:\Users\User\.oracle_jre_usage
2016-09-08 18:25 - 2016-09-08 18:25 - 00000220 _____ C:\Users\User\Desktop\Garry's Mod.url
2016-09-04 10:06 - 2016-09-04 10:06 - 00013154 ____H C:\Users\User\Desktop\~WRL3781.tmp
2016-09-02 19:49 - 2016-09-02 19:49 - 00000000 ____D C:\Users\User\AppData\Local\Introversion
2016-09-02 18:49 - 2016-09-02 18:49 - 00000222 _____ C:\Users\User\Desktop\Prison Architect.url
2016-09-01 06:59 - 2016-08-27 07:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-09-01 06:59 - 2016-08-27 06:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-09-01 06:59 - 2016-08-27 06:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-09-01 06:59 - 2016-08-27 06:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-01 06:59 - 2016-08-27 06:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-09-01 06:59 - 2016-08-27 06:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-09-01 06:59 - 2016-08-27 06:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-01 06:59 - 2016-08-20 08:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-01 06:59 - 2016-08-20 08:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-01 06:59 - 2016-08-20 07:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-01 06:59 - 2016-08-20 07:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-01 06:59 - 2016-08-20 07:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-09-01 06:59 - 2016-08-20 07:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-09-01 06:59 - 2016-08-20 07:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-09-01 06:59 - 2016-08-20 07:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-09-01 06:59 - 2016-08-20 07:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-09-01 06:59 - 2016-08-20 07:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-09-01 06:59 - 2016-08-20 07:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-09-01 06:59 - 2016-08-20 07:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-01 06:59 - 2016-08-20 07:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-01 06:59 - 2016-08-20 07:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-01 06:59 - 2016-08-20 07:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-01 06:59 - 2016-08-20 07:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-09-01 06:59 - 2016-08-20 07:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-01 06:59 - 2016-08-20 07:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-01 06:59 - 2016-08-20 07:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-01 06:59 - 2016-08-20 07:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-01 06:59 - 2016-08-20 06:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-01 06:59 - 2016-08-20 06:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-01 06:58 - 2016-08-27 14:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-01 06:58 - 2016-08-27 11:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-01 06:58 - 2016-08-27 06:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-09-01 06:58 - 2016-08-27 06:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-09-01 06:58 - 2016-08-20 08:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-09-01 06:58 - 2016-08-20 07:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-09-01 06:58 - 2016-08-20 07:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-01 06:58 - 2016-08-20 07:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-01 06:58 - 2016-08-20 07:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-09-01 06:58 - 2016-08-20 07:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-01 06:58 - 2016-08-20 07:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-09-01 06:58 - 2016-08-20 07:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-01 06:58 - 2016-08-20 07:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-01 06:58 - 2016-08-20 07:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-09-01 06:58 - 2016-08-20 07:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-09-01 06:58 - 2016-08-20 07:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-09-01 06:58 - 2016-08-20 07:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-01 06:58 - 2016-08-20 07:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-01 06:58 - 2016-08-20 07:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-09-01 06:58 - 2016-08-20 07:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-01 06:58 - 2016-08-20 07:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-09-01 06:58 - 2016-08-20 07:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-09-01 06:58 - 2016-08-20 07:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-09-01 06:58 - 2016-08-20 07:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-01 06:58 - 2016-08-20 07:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-01 06:58 - 2016-08-20 07:08 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-01 06:58 - 2016-08-20 07:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-09-01 06:58 - 2016-08-20 07:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-01 06:58 - 2016-08-20 07:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-01 06:58 - 2016-08-20 07:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-01 06:58 - 2016-08-20 07:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-09-01 06:58 - 2016-08-20 07:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-09-01 06:58 - 2016-08-20 07:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-09-01 06:58 - 2016-08-20 07:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-01 06:58 - 2016-08-20 07:00 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-09-01 06:58 - 2016-08-20 06:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-01 06:58 - 2016-08-20 06:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-01 06:58 - 2016-08-20 06:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-09-01 06:58 - 2016-08-20 06:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-01 06:58 - 2016-08-20 06:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-01 06:58 - 2016-08-20 06:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-09-01 06:58 - 2016-08-20 06:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-09-01 06:58 - 2016-08-20 06:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-01 06:58 - 2016-08-19 03:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-08-30 18:14 - 2016-08-30 18:14 - 00035615 _____ C:\Users\User\Downloads\game4.htm
2016-08-29 12:58 - 2016-08-29 12:58 - 00005570 _____ C:\Users\User\Downloads\Customer Statements (2).PDF
2016-08-29 12:57 - 2016-08-29 12:57 - 00005618 _____ C:\Users\User\Downloads\Customer Statements.PDF
2016-08-29 12:57 - 2016-08-29 12:57 - 00005618 _____ C:\Users\User\Downloads\Customer Statements (1).PDF
2016-08-27 08:33 - 2016-08-27 08:32 - 01917404 _____ C:\Users\User\Desktop\TooMuchTNT v3.0.jar
2016-08-27 08:31 - 2016-08-27 08:32 - 01917404 _____ C:\Users\User\Downloads\TooMuchTNT v3.0.jar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-25 21:13 - 2015-07-02 05:02 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-25 21:07 - 2016-03-11 08:19 - 01702986 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-25 21:05 - 2016-03-23 17:06 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-25 21:03 - 2015-07-01 20:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2016-09-25 21:01 - 2016-08-12 04:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-25 21:01 - 2016-08-12 03:57 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-25 21:01 - 2016-08-12 03:56 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-09-25 21:01 - 2015-06-27 12:08 - 00000000 __SHD C:\Users\User\IntelGraphicsProfiles
2016-09-25 21:00 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-25 21:00 - 2016-07-16 08:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-09-25 20:59 - 2016-08-12 03:54 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-25 11:59 - 2016-03-01 07:59 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2016-09-25 06:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-24 15:20 - 2015-09-28 15:10 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2016-09-24 06:25 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-22 13:07 - 2016-01-15 10:27 - 00000000 ____D C:\Users\User\Documents\HUDSON FEES 2016 - DEBT ORDER FORM_files
2016-09-22 07:19 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-21 20:21 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-21 17:34 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-21 17:34 - 2015-09-09 05:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-21 17:32 - 2016-08-12 03:54 - 00338688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-21 17:30 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-09-21 17:30 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-21 17:29 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-21 17:29 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-09-20 16:51 - 2015-07-02 05:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-20 16:37 - 2015-06-28 19:25 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-19 18:15 - 2016-08-17 15:19 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA Corporation
2016-09-19 18:13 - 2016-08-12 03:56 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-09-19 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-19 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-09-19 18:10 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-09-19 18:09 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-09-19 18:09 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Help
2016-09-19 18:09 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Globalization
2016-09-19 18:09 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-19 18:09 - 2015-09-05 15:32 - 00000000 ____D C:\Users\User\AppData\Local\Akamai
2016-09-19 18:09 - 2015-06-27 19:08 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA
2016-09-19 18:08 - 2016-08-12 03:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-09-19 18:08 - 2016-08-12 03:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-09-19 18:08 - 2016-05-29 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-09-19 18:08 - 2015-06-27 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-09-19 18:01 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\registration
2016-09-19 17:53 - 2015-07-01 19:06 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2016-09-19 17:51 - 2015-08-12 18:38 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-09-18 11:15 - 2016-01-15 18:44 - 00001198 _____ C:\Users\User\Desktop\nativelog.txt
2016-09-18 11:13 - 2016-02-27 18:03 - 00000000 ____D C:\Users\User\AppData\Roaming\Elgato
2016-09-15 12:00 - 2016-08-12 04:13 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 08:34 - 2016-01-14 17:01 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-09-15 08:34 - 2015-11-24 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-09-14 11:24 - 2015-06-27 14:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-14 11:20 - 2015-06-27 14:46 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-11 12:18 - 2016-07-16 13:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-11 08:01 - 2015-08-09 08:31 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2016-09-11 07:57 - 2015-10-02 18:38 - 00000000 ____D C:\Riot Games
2016-09-11 07:55 - 2016-02-27 18:04 - 00000000 ____D C:\Program Files\Elgato
2016-09-11 07:55 - 2015-06-27 09:12 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2016-09-10 20:54 - 2015-07-01 19:06 - 00000000 ____D C:\ProgramData\Oracle
2016-09-10 20:54 - 2015-07-01 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-10 20:54 - 2015-07-01 19:06 - 00000000 ____D C:\Program Files (x86)\Java
2016-09-10 20:53 - 2015-07-01 19:06 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-09-10 13:29 - 2015-06-27 09:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-07 18:32 - 2016-07-16 13:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 18:32 - 2016-07-16 13:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-02 14:11 - 2016-06-10 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2016-09-02 14:11 - 2016-06-10 09:50 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-09-01 06:12 - 2016-07-16 13:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-09-01 06:11 - 2016-07-16 13:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-09-01 06:11 - 2016-07-16 13:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-09-01 06:11 - 2016-07-16 13:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-26 01:27 - 2016-08-17 16:30 - 03448808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-26 01:27 - 2016-06-10 00:55 - 03906992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-26 01:27 - 2015-11-10 01:12 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb

==================== Files in the root of some directories =======

2016-09-18 10:32 - 2016-09-18 10:32 - 0000128 ____H () C:\Users\User\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2015-09-28 15:05 - 2015-09-28 15:05 - 0001167 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.1.txt
2015-09-28 15:05 - 2016-01-14 16:16 - 0000905 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt
2015-09-28 15:05 - 2016-01-14 16:16 - 0000000 _____ () C:\Users\User\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-06-07 15:39 - 2016-06-07 15:39 - 0000003 _____ () C:\Users\User\AppData\Local\updater.log
2016-06-07 15:39 - 2016-08-06 11:41 - 0000424 _____ () C:\Users\User\AppData\Local\UserProducts.xml
2015-10-08 18:47 - 2015-10-08 18:47 - 0045262 _____ () C:\ProgramData\1444322820.bdinstall.bin
2015-10-08 18:50 - 2015-10-08 18:52 - 0040624 _____ () C:\ProgramData\1444323055.4488.bin
2015-10-08 18:51 - 2015-10-08 18:52 - 0002068 _____ () C:\ProgramData\1444323055.5752.bin
2015-10-08 18:51 - 2015-10-08 18:52 - 0000189 _____ () C:\ProgramData\1444323055.5788.bin
2016-01-14 17:01 - 2016-01-14 17:01 - 0045332 _____ () C:\ProgramData\1452783670.bdinstall.bin
2016-01-14 17:40 - 2016-01-14 17:40 - 0045128 _____ () C:\ProgramData\1452786010.bdinstall.bin
2016-01-14 17:41 - 2016-01-14 17:41 - 0045128 _____ () C:\ProgramData\1452786056.bdinstall.bin
2016-01-14 17:50 - 2016-01-14 17:50 - 0041434 _____ () C:\ProgramData\1452786623.3472.bin
2016-01-14 17:50 - 2016-01-14 17:50 - 0002053 _____ () C:\ProgramData\1452786623.5736.bin
2016-01-14 18:27 - 2016-01-14 18:27 - 0440062 _____ () C:\ProgramData\1452786822.bdinstall.bin
2016-01-14 19:41 - 2016-01-14 19:41 - 0807377 _____ () C:\ProgramData\1452788868.bdinstall.bin
2016-02-13 20:14 - 2016-02-13 20:14 - 0037474 _____ () C:\ProgramData\1455387263.bdinstall.bin
2016-02-13 20:14 - 2016-02-13 20:14 - 0097695 _____ () C:\ProgramData\1455387266.bdinstall.bin
2016-09-18 10:32 - 2016-09-18 10:32 - 0000128 ____H () C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
C:\Users\User\AppData\Local\Temp\avguirn_08460236153.exe
C:\Users\User\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\User\AppData\Local\Temp\jansi-64-1166707861596623273.dll
C:\Users\User\AppData\Local\Temp\jansi-64-1406112794975243204.dll
C:\Users\User\AppData\Local\Temp\jansi-64-1412852050166626641.dll
C:\Users\User\AppData\Local\Temp\jansi-64-2406184572590512454.dll
C:\Users\User\AppData\Local\Temp\jansi-64-2490708826359407130.dll
C:\Users\User\AppData\Local\Temp\jansi-64-2672518734067061063.dll
C:\Users\User\AppData\Local\Temp\jansi-64-3333298533386498640.dll
C:\Users\User\AppData\Local\Temp\jansi-64-3631533707543868771.dll
C:\Users\User\AppData\Local\Temp\jansi-64-4175724357584508835.dll
C:\Users\User\AppData\Local\Temp\jansi-64-4263622922426696200.dll
C:\Users\User\AppData\Local\Temp\jansi-64-5025608851721093831.dll
C:\Users\User\AppData\Local\Temp\jansi-64-5244734630504168419.dll
C:\Users\User\AppData\Local\Temp\jansi-64-6154306298150175639.dll
C:\Users\User\AppData\Local\Temp\jansi-64-6610613009549747368.dll
C:\Users\User\AppData\Local\Temp\jansi-64-9097410613787825533.dll
C:\Users\User\AppData\Local\Temp\jansi-64-9127691171352674704.dll
C:\Users\User\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\User\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\User\AppData\Local\Temp\nvscpapisvr.exe
C:\Users\User\AppData\Local\Temp\nvStInst.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-20 06:27

==================== End of FRST.txt ============================

Thanks you kevin I really appeciate your help in my time in need

-Wolfsi

 

 

Addition.txt

Link to post
Share on other sites

Thanks for those logs Wolfsi, continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

 

Fixlist.txt

Link to post
Share on other sites

Quote

 

1. Sorry Kevin I found the fix button here is there log

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by User (26-09-2016 06:22:32) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User &  (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\Users\User\AppData\Roaming:iSpring Solutions [128]
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData => ":iSpring Solutions" ADS removed successfully.
"C:\Users\All Users" => ":iSpring Solutions" ADS not found.
C:\Users\User\AppData\Roaming => ":iSpring Solutions" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 5768445 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22245060 B
Java, Flash, Steam htmlcache => 23130985 B
Windows/system/drivers => 4294902183 B
Edge => 115869813 B
Chrome => 118157038 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8932472 B
NetworkService => 5169572 B
User => 2446226310 B

RecycleBin => 0 B
EmptyTemp: => 6.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 06:24:42 ====

2. Ok the log for the Adware Cleaner is here

# AdwCleaner v6.020 - Logfile created 26/09/2016 at 06:34:43
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-25.1 [Server]
# Operating System : Windows 10 Home Single Language  (X64)
# Username : User - CONNORPC
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\apn
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[-] Folder deleted: C:\Program Files (x86)\avg web tuneup
[-] Folder deleted: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Files ] *****

[-] File deleted: C:\prefs.js


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-2820685085-2590210468-4070006062-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystart.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystart.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystart.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystart.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: aaaaadgepjkdffhjbkfjgnnffnfcffbg
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 2] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 3] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3546 Bytes] - [26/09/2016 06:34:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [3698 Bytes] - [26/09/2016 06:33:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3692 Bytes] ##########

3. The Sophis Virus Removal is still currently scanning I will update when it is done.

4. My only concern is there any keyloggers on my pc since everything yields no for malware?

And will I be able to play on it again without worrying about typing in my password?

Link to post
Share on other sites

Yes Sophos does check for keyloggers, rootkits, virus, malware also hijacker and trojan. Run one more scan...

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!
Link to post
Share on other sites

Ok I downloaded RogueKiller and here is the report

RogueKiller V12.6.4.0 (x64) [Sep 26 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : User [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/26/2016 10:15:42 (Duration : 00:34:41)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6B3ACAE7-A5DC-4FF8-AD00-1B01D5AEE6BA} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34924EB9-DA0F-45C3-B1B2-8C56120922A1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6B3ACAE7-A5DC-4FF8-AD00-1B01D5AEE6BA} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34924EB9-DA0F-45C3-B1B2-8C56120922A1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS +++++
--- User ---
[MBR] c6bf54df5f1868647e2c526ce01c626a
[BSP] 571eac1a20bdb3d05faa4b96d992422c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 144200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 296040448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 296962048 | Size: 93473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

It looks as if my minecraft launcher is going into my firewall but I have enabled it to go throught so I can play LAN but strange I have enabled it on other games but it didnt report them I am not sure what the PUP is I willl not remove the items I wil wait on your call.

 

 

Link to post
Share on other sites

Yes the RK log is not showing anything malicious or infected, the minecraft entries are listed as suspicious as they have an opening in the Firewall, however they are also coded as safe to use.....

There is one entry listed as a PUP (potentially unwanted program) in browser helper objects, that is a remnant of AVG toolbar, that toolbar may offer or exhibit borderline or questionable behavior, as such it is usually removed. As the entry is a remnant we still need to remove it....

Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan” completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found

Make sure that entry is Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Hit the Delete button, when complete select "Report" in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference.
 
Let me see that log, also tell me if you have any remaining issues or concerns... I know you worry about keyloggers, security scan logs indicate a clean system...
 
Thank you,
 
Kevin
Link to post
Share on other sites

RogueKiller V12.6.4.0 (x64) [Sep 26 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : User [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/26/2016 10:15:42 (Duration : 00:34:41)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6B3ACAE7-A5DC-4FF8-AD00-1B01D5AEE6BA} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34924EB9-DA0F-45C3-B1B2-8C56120922A1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6B3ACAE7-A5DC-4FF8-AD00-1B01D5AEE6BA} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {34924EB9-DA0F-45C3-B1B2-8C56120922A1} : v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\Users\User\AppData\Roaming\.minecraft\MinecraftLauncher.exe|Name=Minecraft launcher| [7] -> ERROR [2]

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3250318AS +++++
--- User ---
[MBR] c6bf54df5f1868647e2c526ce01c626a
[BSP] 571eac1a20bdb3d05faa4b96d992422c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 144200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 296040448 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 296962048 | Size: 93473 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Link to post
Share on other sites

Your system is clean, lets clean upi;

Download and run the following UNinstaller to remove Sophos and Zemana:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.