locked out

Jpen10 · February 26, 2017

here is the rk

rk.txt

Jpen10 · February 26, 2017

here is the rk

Edited February 26, 2017 by Jpen10
duplicate

kevinf80 · February 26, 2017

start emergency kit scanner.exe is the one to choose...

Jpen10 · February 26, 2017

Kevin, I went ahead and ran the start emergency kit scanner. and here is the log file contents.

Emsisoft Emergency Kit - Version 12.0
Scan log

Date Scan Method Objects Scanned Objects Detected Duration Type Computer Name
2/26/2017 11:55:51 AM Malware 81494 1 0:12:14 Manual scan JIM-PC

kevinf80 · February 26, 2017

Will malwarebytes run..?

Jpen10 · February 26, 2017

i thought i posted this before, but it didn't show.

i ran the eek as start emergency kit scanner and her is the output file result;

Emsisoft Emergency Kit - Version 12.0
Scan log

Date Scan Method Objects Scanned Objects Detected Duration Type Computer Name
2/26/2017 11:55:51 AM Malware 81494 1 0:12:14 Manual scan JIM-PC

Jpen10 · February 26, 2017

I installed a fresh version from your earlier post and no, i still get "the requested resource in in use."

kevinf80 · February 26, 2017

Lets run a windows repair tool, see if Malwarebytes will run when this is completed...

Download Portable Windows Repair (all in one) from one of the following:

www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip

http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html

https://www.bleepingcomputer.com/download/windows-repair-all-in-one/

Unzip the contents into a newly created folder on your desktop.

Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode

Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

From the main GUI do the following:

Select Tab 5 to make Registry backup, use the recommended option...

When complete select "Repairs" tab, from there select "Open Repairs" tab..

From that window select the default option and checkmarck "Select All" box. When ready select "Start Repairs" tab....

When complete re-boot your system, see if there is any improvement...

Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt

Thank you,

Kevin

Jpen10 · February 26, 2017

Repair_windows won't open in safe mode

Edited February 26, 2017 by Jpen10

kevinf80 · February 26, 2017

You can try in Normal mode, disconnect your internet connection and turn off all security....

Jpen10 · February 27, 2017

The Windows Repair finished and now it has been in reboot, "Getting Windows Ready Do Not Turn Off Your Computer" for the past 1 1/2 hours and it finally booted to the login.

Still can't run the Malwarebytes program I get the video same msg; ... Resource in use.

Jpen10 · February 27, 2017

I've about had it. Seems to be working fine. I'll have to monitor my grandson when he tries to install anything.

kevinf80 · February 27, 2017

Thanks for the update, yes I understand your frustation as we do not make good headway.. Can you UNinstall Malwarebytes and then reboot your system, run FRST and post fresh logs..

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Thank you,

Kevin...

Jpen10 · February 27, 2017

Here they are. Again, thanks for the help.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by Jim (27-02-2017 06:59:17)
Running from C:\Users\Jim\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-24 12:08:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-783448517-647833336-481893931-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-783448517-647833336-481893931-503 - Limited - Disabled)
Guest (S-1-5-21-783448517-647833336-481893931-501 - Limited - Disabled)
Jim (S-1-5-21-783448517-647833336-481893931-1001 - Administrator - Enabled) => C:\Users\Jim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.5 - Power Software Ltd)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Free Image Editor 2.4 (HKLM-x32\...\Free Image Editor 2.4_is1) (Version: - AskedFiles)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.21.610 - Digital Wave Ltd)
GoldWave v6.24 (HKLM\...\GoldWave v6.24) (Version: 6.24 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Microsoft OneDrive (HKU\S-1-5-21-783448517-647833336-481893931-1001\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
PhotoFiltre 7 (HKU\S-1-5-21-783448517-647833336-481893931-1001\...\PhotoFiltre 7) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vumaa (x32 Version: 1.0.0 - Vumaa) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1DF06365-6B2C-4E45-AB8A-0338D5438DF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A95A65CB-F37F-4585-83B8-02DF96F0315D} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-02-25 19:48 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-25 19:48 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 05:32 - 2016-09-24 05:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-02-25 19:46 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-25 19:44 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-25 19:44 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-25 19:44 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-02-25 19:44 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-02-25 19:44 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-25 19:44 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-25 20:04 - 2017-02-25 20:05 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-25 20:04 - 2017-02-25 20:05 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-25 20:04 - 2017-02-25 20:05 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-25 20:04 - 2017-02-25 20:05 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-25 20:04 - 2017-02-25 20:04 - 00123384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10301.0_x64__8wekyb3d8bbwe\GNSDK_FP.DLL
2017-02-25 20:02 - 2017-02-25 20:03 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-25 20:02 - 2017-02-25 20:03 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 05:18 - 2016-06-03 05:18 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-25 20:02 - 2017-02-25 20:03 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-02-25 20:02 - 2017-02-25 20:03 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-25 19:44 - 2016-12-20 23:49 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2017-02-26 18:44 - 2017-02-26 18:44 - 00098816 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32api.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00110080 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\pywintypes27.dll
2017-02-26 18:44 - 2017-02-26 18:44 - 00364544 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\pythoncom27.dll
2017-02-26 18:44 - 2017-02-26 18:44 - 00320512 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32com.shell.shell.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00914432 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_hashlib.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 01176576 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._core_.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00806400 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._gdi_.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00816128 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._windows_.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 01067008 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._controls_.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00733184 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._misc_.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00682496 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\pysqlite2._sqlite.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00088064 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_ctypes.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00686080 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\unicodedata.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00119808 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32file.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00108544 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32security.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00007168 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\hashobjs_ext.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00017920 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\thumbnails_ext.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00088064 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\usb_ext.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00012800 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\common.time34.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00018432 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32event.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00167936 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32gui.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00046080 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_socket.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 01303552 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_ssl.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00128512 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_elementtree.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00127488 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\pyexpat.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00038912 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32inet.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00036864 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_psutil_windows.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00524248 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\windows._lib_cacheinvalidation.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00011264 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32crypt.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00123392 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._wizard.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00077312 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._html2.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00027648 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_multiprocessing.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00020480 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\_yappi.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00035840 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32process.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00078848 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\wx._animate.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00024064 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32pipe.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00010240 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\select.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00025600 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32pdh.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00017408 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32profile.pyd
2017-02-26 18:44 - 2017-02-26 18:44 - 00022528 ____R () C:\Users\Jim\AppData\Local\Temp\_MEI33242\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-02-26 16:26 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-783448517-647833336-481893931-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jim\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win8img.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: WSearch => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{879D9F3D-0A73-45F1-A2DA-12ED46127E80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B008137-5F84-4809-9070-5950BCA6C76A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{250B2D45-23D5-4B74-AED0-658047E5C530}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{473AD362-1498-4AF7-9580-060C363D3A79}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04715A09-8533-4395-83BD-24E52FF0D711}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{41669055-1B9D-457D-AA0C-D7AF68CB7D9D}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{073CB8C7-5E33-4D29-9682-2EE6C072F931}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{57951344-6AF1-4839-9FA2-E4F1221AEA6D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B7B48F01-2D5E-485B-BFBA-C63F4FF753CB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D2BDBA2D-DC75-4777-8FD2-78F67E962DBC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{8C82BE9B-F00B-4C5E-9551-C0DEB0DFBB56}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A6978D68-7287-4C1C-A946-1178C1F65B8F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{81416A4B-3733-45DC-8A14-2483830BC6E2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{09D983AE-6554-4983-A380-C15E860307AF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{FA9E2551-4FD5-4A84-903F-0F9F0123B69B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5ECE3246-505E-4145-8ECE-356A488BE3C8}] => (Allow) C:\Program Files (x86)\sorrier\equalized.exe
FirewallRules: [{350422A7-6665-4018-B69A-C42A97BED256}] => (Allow) C:\Program Files (x86)\sorrier\harold.exe
FirewallRules: [TCP Query User{F567F884-272F-45FB-8141-EA51BDF61B3B}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [UDP Query User{7432D085-E847-4C62-9209-7922D1B8CBD7}C:\program files (x86)\google\chrome\application\chrome334.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome334.exe
FirewallRules: [{A6E8CA20-02D4-4B21-BA4B-2EBD42C99386}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-02-2017 15:16:43 JRT Pre-Junkware Removal
25-02-2017 09:02:17 Removed Online.io Application
25-02-2017 09:03:53 Removed Online.io Application
25-02-2017 09:05:47 Removed Traffic Exchange

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2017 08:12:52 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: JIM-PC)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (02/26/2017 07:08:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1e68
Faulting application start time: 0x01d2909e5e224550
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 5fd8fa58-868f-4814-a4cc-0b480b1dff46
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/26/2017 07:08:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1e68
Faulting application start time: 0x01d2909e5e224550
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 11c4c1e4-8530-4494-8e20-88ff712e06aa
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/26/2017 07:08:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1b10
Faulting application start time: 0x01d2909e59130ecc
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: e4e94e4a-f3b7-4d35-858d-77491678b5f3
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/26/2017 07:08:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1b10
Faulting application start time: 0x01d2909e59130ecc
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: d3a0649a-0280-4d9d-b42d-3a869ecec657
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/26/2017 06:44:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Jim\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/26/2017 06:41:14 PM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (02/26/2017 06:40:58 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/26/2017 06:03:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JIM-PC)
Description: Activation of app Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (02/27/2017 05:26:21 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:26:12 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:26:03 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:25:54 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:25:45 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:25:36 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:25:27 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:25:18 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:23:27 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (02/27/2017 05:23:18 AM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

CodeIntegrity:
===================================
Date: 2017-02-25 18:26:13.951
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-02-23 17:19:17.158
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-23 17:19:17.157
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-20 09:46:50.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-20 09:46:50.387
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-31 10:41:20.190
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-31 10:41:20.189
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-31 10:41:03.403
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-31 10:41:03.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-07 11:49:55.645
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-5500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 27%
Total physical RAM: 7645.61 MB
Available physical RAM: 5539.42 MB
Total Virtual: 8861.61 MB
Available Virtual: 6414.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:865.09 GB) NTFS
Drive d: (TurboTax 2016) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1667168B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-02-2017
Ran by Jim (administrator) on JIM-PC (27-02-2017 06:57:02)
Running from C:\Users\Jim\Downloads
Loaded Profiles: Jim (Available Profiles: Jim)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17012.10301.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-783448517-647833336-481893931-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-783448517-647833336-481893931-1001\...\Run: [Chromium] => c:\users\jim\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-783448517-647833336-481893931-1001\...\MountPoints2: {fdd1f285-096e-11e6-824f-806e6f6e6963} - "D:\setup.exe"
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{5497f104-c6d0-41aa-8aec-fda2691bb19d}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-783448517-647833336-481893931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-24] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-24] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-783448517-647833336-481893931-1001 -> hxxp://foxnews.com/

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-24] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://foxnews.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default [2017-02-26]
CHR Extension: (Google Slides) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-23]
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-23]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-23]
CHR Extension: (Safer Search Results) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\begnofcbcefcedmomgdlmgcpmjafablp [2016-08-25]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-01-29]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Ebates Cash Back) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-02-22]
CHR Extension: (Google Sheets) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Planetarium) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2016-04-23]
CHR Extension: (Muzik Fury) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgdapiklnfpdonfeopollmlpfjaphcb [2016-10-05]
CHR Extension: (CouponXplorer) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmjjokfbcjicbibeadflnnhdaglbbga [2017-01-13]
CHR Extension: (Skype) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-02-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-23]
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\System Profile [2017-02-25]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-783448517-647833336-481893931-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-783448517-647833336-481893931-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-783448517-647833336-481893931-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-23] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 drmkpro64; C:\WINDOWS\System32\drivers\drmkpro64.sys [51784 2017-02-22] () [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 06:57 - 2017-02-27 06:57 - 00016798 _____ C:\Users\Jim\Downloads\FRST.txt
2017-02-27 06:56 - 2017-02-27 06:56 - 00000000 ____D C:\Users\Jim\Downloads\FRST-OlderVersion
2017-02-26 19:00 - 2017-02-26 19:00 - 00335539 _____ C:\Users\Jim\Downloads\2479.pdf
2017-02-26 12:41 - 2017-02-26 12:49 - 00000000 ____D C:\Users\Jim\AppData\Local\PasswordSafe
2017-02-26 12:41 - 2017-02-26 12:43 - 00000000 ____D C:\Users\Jim\Documents\My Safes
2017-02-26 12:31 - 2017-02-26 12:31 - 00000017 _____ C:\Users\Jim\AppData\Local\resmon.resmoncfg
2017-02-26 12:28 - 2017-02-26 12:28 - 00000000 ___RD C:\Users\Jim\Documents\Scanned Documents
2017-02-26 12:28 - 2017-02-26 12:28 - 00000000 ____D C:\Users\Jim\Documents\Fax
2017-02-26 09:27 - 2017-02-26 12:11 - 00000000 ____D C:\EEK
2017-02-25 19:48 - 2016-12-21 00:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-25 19:48 - 2016-12-21 00:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-02-25 19:48 - 2016-12-21 00:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-02-25 19:48 - 2016-12-21 00:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-25 19:48 - 2016-12-21 00:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-02-25 19:48 - 2016-12-21 00:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-25 19:48 - 2016-12-20 23:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-02-25 19:48 - 2016-12-20 23:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-25 19:48 - 2016-12-20 23:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-25 19:48 - 2016-12-20 23:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-25 19:48 - 2016-12-20 21:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-02-25 19:48 - 2016-12-20 21:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-02-25 19:48 - 2016-12-20 21:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-02-25 19:48 - 2016-12-20 21:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-25 19:48 - 2016-12-13 22:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-25 19:48 - 2016-12-13 21:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-02-25 19:48 - 2016-12-13 21:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-25 19:48 - 2016-12-13 21:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-02-25 19:48 - 2016-12-09 03:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-02-25 19:48 - 2016-12-09 03:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-25 19:48 - 2016-12-09 03:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-25 19:48 - 2016-12-09 03:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-02-25 19:48 - 2016-12-09 03:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-02-25 19:48 - 2016-12-09 03:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-02-25 19:48 - 2016-12-09 03:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-02-25 19:48 - 2016-12-09 02:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-02-25 19:48 - 2016-12-09 02:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-02-25 19:48 - 2016-12-09 02:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-02-25 19:48 - 2016-11-11 03:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-02-25 19:48 - 2016-11-11 03:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-02-25 19:48 - 2016-11-11 02:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-02-25 19:48 - 2016-11-11 02:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-02-25 19:48 - 2016-11-11 02:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-02-25 19:48 - 2016-11-11 02:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-02-25 19:48 - 2016-11-11 02:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-02-25 19:48 - 2016-11-11 02:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-02-25 19:48 - 2016-11-11 02:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-02-25 19:48 - 2016-11-11 02:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-02-25 19:48 - 2016-11-11 02:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-02-25 19:48 - 2016-11-11 00:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-02-25 19:48 - 2016-11-11 00:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-02-25 19:48 - 2016-11-11 00:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-02-25 19:48 - 2016-11-11 00:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-02-25 19:48 - 2016-11-11 00:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-02-25 19:48 - 2016-11-11 00:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-02-25 19:48 - 2016-11-11 00:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2017-02-25 19:48 - 2016-11-11 00:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-02-25 19:48 - 2016-11-11 00:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-02-25 19:48 - 2016-11-11 00:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-02-25 19:48 - 2016-11-11 00:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-02-25 19:48 - 2016-11-11 00:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-02-25 19:48 - 2016-11-11 00:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-02-25 19:48 - 2016-11-11 00:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-02-25 19:48 - 2016-11-11 00:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-02-25 19:48 - 2016-11-02 04:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-02-25 19:48 - 2016-11-02 04:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-02-25 19:48 - 2016-11-02 03:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-02-25 19:48 - 2016-11-02 03:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-02-25 19:48 - 2016-11-02 03:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-02-25 19:48 - 2016-11-02 03:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-02-25 19:48 - 2016-10-14 21:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-02-25 19:48 - 2016-10-14 21:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-02-25 19:48 - 2016-10-14 21:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-02-25 19:48 - 2016-10-14 21:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-02-25 19:48 - 2016-10-14 21:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-02-25 19:48 - 2016-10-14 21:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-02-25 19:48 - 2016-10-14 20:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-02-25 19:48 - 2016-10-14 20:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-02-25 19:48 - 2016-10-14 20:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-02-25 19:48 - 2016-10-14 20:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-02-25 19:48 - 2016-10-14 20:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-02-25 19:48 - 2016-10-14 20:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-02-25 19:48 - 2016-10-14 20:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-02-25 19:48 - 2016-10-05 02:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-02-25 19:47 - 2016-12-21 01:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-02-25 19:47 - 2016-12-21 01:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-02-25 19:47 - 2016-12-21 00:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-25 19:47 - 2016-12-21 00:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-25 19:47 - 2016-12-21 00:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-25 19:47 - 2016-12-21 00:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-25 19:47 - 2016-12-21 00:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-02-25 19:47 - 2016-12-20 23:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-02-25 19:47 - 2016-12-20 23:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-25 19:47 - 2016-12-20 22:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-02-25 19:47 - 2016-12-20 22:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-02-25 19:47 - 2016-12-20 22:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-25 19:47 - 2016-12-20 21:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-02-25 19:47 - 2016-12-20 21:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-02-25 19:47 - 2016-12-20 21:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-25 19:47 - 2016-12-20 21:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-02-25 19:47 - 2016-12-20 21:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-02-25 19:47 - 2016-12-13 22:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-25 19:47 - 2016-12-13 22:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-02-25 19:47 - 2016-12-13 22:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-02-25 19:47 - 2016-12-13 21:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-02-25 19:47 - 2016-12-13 21:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-02-25 19:47 - 2016-12-13 21:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-02-25 19:47 - 2016-12-13 21:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-02-25 19:47 - 2016-12-13 21:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-02-25 19:47 - 2016-12-13 21:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-25 19:47 - 2016-12-13 21:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-02-25 19:47 - 2016-12-13 21:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-02-25 19:47 - 2016-12-13 21:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-02-25 19:47 - 2016-12-13 21:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-02-25 19:47 - 2016-12-13 21:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-02-25 19:47 - 2016-12-13 21:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-25 19:47 - 2016-12-13 21:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-25 19:47 - 2016-12-09 03:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-02-25 19:47 - 2016-12-09 03:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-02-25 19:47 - 2016-12-09 03:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-02-25 19:47 - 2016-12-09 03:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-02-25 19:47 - 2016-12-09 03:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-02-25 19:47 - 2016-12-09 03:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-02-25 19:47 - 2016-12-09 03:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-02-25 19:47 - 2016-12-09 02:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-02-25 19:47 - 2016-12-09 02:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-02-25 19:47 - 2016-12-09 02:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2017-02-25 19:47 - 2016-12-09 02:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-02-25 19:47 - 2016-12-09 02:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-02-25 19:47 - 2016-12-09 02:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-02-25 19:47 - 2016-12-09 02:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-02-25 19:47 - 2016-12-09 02:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-02-25 19:47 - 2016-12-09 02:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-02-25 19:47 - 2016-12-09 02:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-02-25 19:47 - 2016-12-09 02:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-02-25 19:47 - 2016-12-09 02:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-02-25 19:47 - 2016-12-09 02:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2017-02-25 19:47 - 2016-12-09 02:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2017-02-25 19:47 - 2016-12-09 01:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-02-25 19:47 - 2016-11-11 03:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2017-02-25 19:47 - 2016-11-11 03:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-02-25 19:47 - 2016-11-11 03:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-02-25 19:47 - 2016-11-11 03:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-02-25 19:47 - 2016-11-11 03:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2017-02-25 19:47 - 2016-11-11 03:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-02-25 19:47 - 2016-11-11 02:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2017-02-25 19:47 - 2016-11-11 02:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2017-02-25 19:47 - 2016-11-11 02:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-02-25 19:47 - 2016-11-11 02:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-02-25 19:47 - 2016-11-11 02:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-02-25 19:47 - 2016-11-11 02:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2017-02-25 19:47 - 2016-11-11 02:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-02-25 19:47 - 2016-11-11 02:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-02-25 19:47 - 2016-11-11 02:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-25 19:47 - 2016-11-11 02:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-02-25 19:47 - 2016-11-11 02:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-02-25 19:47 - 2016-11-11 02:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-02-25 19:47 - 2016-11-11 02:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-02-25 19:47 - 2016-11-11 02:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-02-25 19:47 - 2016-11-11 02:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-02-25 19:47 - 2016-11-11 02:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-02-25 19:47 - 2016-11-11 02:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-02-25 19:47 - 2016-11-11 02:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2017-02-25 19:47 - 2016-11-11 02:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2017-02-25 19:47 - 2016-11-11 02:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-02-25 19:47 - 2016-11-11 02:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2017-02-25 19:47 - 2016-11-11 02:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-02-25 19:47 - 2016-11-11 02:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-02-25 19:47 - 2016-11-11 02:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-02-25 19:47 - 2016-11-11 02:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-02-25 19:47 - 2016-11-11 02:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-02-25 19:47 - 2016-11-11 02:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2017-02-25 19:47 - 2016-11-11 01:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-02-25 19:47 - 2016-11-11 01:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-02-25 19:47 - 2016-11-11 00:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-02-25 19:47 - 2016-11-11 00:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-02-25 19:47 - 2016-11-11 00:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-02-25 19:47 - 2016-11-11 00:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-02-25 19:47 - 2016-11-11 00:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-02-25 19:47 - 2016-11-11 00:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-02-25 19:47 - 2016-11-11 00:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-02-25 19:47 - 2016-11-11 00:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-25 19:47 - 2016-11-11 00:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-02-25 19:47 - 2016-11-11 00:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-02-25 19:47 - 2016-11-11 00:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-02-25 19:47 - 2016-11-11 00:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-02-25 19:47 - 2016-11-11 00:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-02-25 19:47 - 2016-11-11 00:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-02-25 19:47 - 2016-11-11 00:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-02-25 19:47 - 2016-11-02 04:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-02-25 19:47 - 2016-11-02 04:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2017-02-25 19:47 - 2016-11-02 04:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-02-25 19:47 - 2016-11-02 04:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-02-25 19:47 - 2016-11-02 04:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-02-25 19:47 - 2016-11-02 04:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-02-25 19:47 - 2016-11-02 04:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2017-02-25 19:47 - 2016-11-02 04:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-02-25 19:47 - 2016-11-02 04:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-02-25 19:47 - 2016-11-02 03:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2017-02-25 19:47 - 2016-11-02 03:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2017-02-25 19:47 - 2016-11-02 03:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-02-25 19:47 - 2016-11-02 03:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2017-02-25 19:47 - 2016-11-02 03:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-02-25 19:47 - 2016-11-02 03:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-02-25 19:47 - 2016-11-02 03:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2017-02-25 19:47 - 2016-11-02 03:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2017-02-25 19:47 - 2016-11-02 03:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-02-25 19:47 - 2016-11-02 03:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-02-25 19:47 - 2016-11-02 03:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-02-25 19:47 - 2016-11-02 03:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-02-25 19:47 - 2016-11-02 03:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-02-25 19:47 - 2016-11-02 03:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2017-02-25 19:47 - 2016-11-02 03:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-02-25 19:47 - 2016-11-02 03:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2017-02-25 19:47 - 2016-11-02 03:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-02-25 19:47 - 2016-11-02 03:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2017-02-25 19:47 - 2016-11-02 03:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-02-25 19:47 - 2016-11-02 03:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2017-02-25 19:47 - 2016-11-02 03:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-02-25 19:47 - 2016-11-02 03:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-02-25 19:47 - 2016-11-02 03:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2017-02-25 19:47 - 2016-11-02 03:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-02-25 19:47 - 2016-11-02 03:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2017-02-25 19:47 - 2016-11-02 02:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-02-25 19:47 - 2016-11-02 02:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2017-02-25 19:47 - 2016-11-02 01:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-02-25 19:47 - 2016-10-14 21:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-02-25 19:47 - 2016-10-14 21:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-02-25 19:47 - 2016-10-14 21:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-02-25 19:47 - 2016-10-14 21:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-02-25 19:47 - 2016-10-14 21:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-02-25 19:47 - 2016-10-14 21:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-02-25 19:47 - 2016-10-14 21:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-02-25 19:47 - 2016-10-14 21:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2017-02-25 19:47 - 2016-10-14 21:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2017-02-25 19:47 - 2016-10-14 21:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-02-25 19:47 - 2016-10-14 21:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2017-02-25 19:47 - 2016-10-14 21:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-02-25 19:47 - 2016-10-14 21:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2017-02-25 19:47 - 2016-10-14 21:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2017-02-25 19:47 - 2016-10-14 20:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2017-02-25 19:47 - 2016-10-14 20:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2017-02-25 19:47 - 2016-10-14 20:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2017-02-25 19:47 - 2016-10-14 20:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2017-02-25 19:47 - 2016-10-14 20:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-02-25 19:47 - 2016-10-14 20:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2017-02-25 19:47 - 2016-10-14 20:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2017-02-25 19:47 - 2016-10-14 20:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2017-02-25 19:47 - 2016-10-14 20:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2017-02-25 19:47 - 2016-10-14 20:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-02-25 19:47 - 2016-10-14 20:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2017-02-25 19:47 - 2016-10-14 20:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-02-25 19:47 - 2016-10-14 20:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-02-25 19:47 - 2016-10-14 20:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2017-02-25 19:47 - 2016-10-14 20:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2017-02-25 19:47 - 2016-10-14 20:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2017-02-25 19:47 - 2016-10-14 20:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-02-25 19:47 - 2016-10-14 20:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-02-25 19:47 - 2016-10-14 20:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2017-02-25 19:47 - 2016-10-14 20:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2017-02-25 19:47 - 2016-10-14 20:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2017-02-25 19:47 - 2016-10-14 20:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-02-25 19:47 - 2016-10-14 20:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-02-25 19:47 - 2016-10-05 03:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-02-25 19:47 - 2016-10-05 03:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-02-25 19:47 - 2016-10-05 03:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-02-25 19:47 - 2016-10-05 03:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-02-25 19:47 - 2016-10-05 02:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-02-25 19:47 - 2016-10-05 02:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2017-02-25 19:47 - 2016-10-05 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-02-25 19:47 - 2016-10-05 02:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-02-25 19:47 - 2016-10-05 02:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-02-25 19:47 - 2016-10-05 02:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2017-02-25 19:47 - 2016-10-05 02:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2017-02-25 19:47 - 2016-10-05 02:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-02-25 19:47 - 2016-10-05 02:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2017-02-25 19:47 - 2016-10-05 02:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-02-25 19:47 - 2016-10-05 02:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2017-02-25 19:47 - 2016-10-05 02:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-02-25 19:47 - 2016-10-05 02:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-02-25 19:47 - 2016-10-05 02:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-02-25 19:47 - 2016-10-05 02:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-02-25 19:47 - 2016-10-05 02:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-02-25 19:47 - 2016-10-05 02:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-02-25 19:47 - 2016-10-05 02:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-02-25 19:47 - 2016-10-05 02:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-02-25 19:47 - 2016-10-05 02:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-02-25 19:47 - 2016-10-05 02:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-02-25 19:47 - 2016-10-05 02:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-02-25 19:47 - 2016-10-05 02:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-02-25 19:46 - 2016-12-21 00:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-25 19:46 - 2016-12-21 00:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-02-25 19:46 - 2016-12-21 00:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-25 19:46 - 2016-12-20 23:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-25 19:46 - 2016-12-20 23:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-25 19:46 - 2016-12-20 23:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-25 19:46 - 2016-12-20 23:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-25 19:46 - 2016-12-20 23:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-25 19:46 - 2016-12-20 23:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-25 19:46 - 2016-12-20 23:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-25 19:46 - 2016-12-20 21:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-25 19:46 - 2016-12-20 21:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-25 19:46 - 2016-12-20 21:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-25 19:46 - 2016-12-20 21:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-25 19:46 - 2016-12-20 21:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-25 19:46 - 2016-12-20 21:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-25 19:46 - 2016-12-20 21:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-25 19:46 - 2016-12-13 22:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-02-25 19:46 - 2016-12-13 22:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-25 19:46 - 2016-12-13 22:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-25 19:46 - 2016-12-13 22:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-02-25 19:46 - 2016-12-13 21:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-02-25 19:46 - 2016-12-13 21:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-02-25 19:46 - 2016-12-13 21:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-02-25 19:46 - 2016-12-13 21:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-25 19:46 - 2016-12-13 21:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-25 19:46 - 2016-12-13 21:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-25 19:46 - 2016-12-13 21:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-25 19:46 - 2016-12-09 03:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-02-25 19:46 - 2016-12-09 03:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-02-25 19:46 - 2016-12-09 03:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-02-25 19:46 - 2016-12-09 03:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-02-25 19:46 - 2016-12-09 03:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-02-25 19:46 - 2016-12-09 03:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-02-25 19:46 - 2016-12-09 02:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2017-02-25 19:46 - 2016-12-09 02:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-02-25 19:46 - 2016-12-09 02:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-02-25 19:46 - 2016-12-09 02:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-02-25 19:46 - 2016-12-09 02:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-02-25 19:46 - 2016-12-09 02:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-02-25 19:46 - 2016-12-09 02:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2017-02-25 19:46 - 2016-11-11 03:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-02-25 19:46 - 2016-11-11 03:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-02-25 19:46 - 2016-11-11 03:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-02-25 19:46 - 2016-11-11 03:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-02-25 19:46 - 2016-11-11 03:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-02-25 19:46 - 2016-11-11 02:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-02-25 19:46 - 2016-11-11 02:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-02-25 19:46 - 2016-11-11 02:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2017-02-25 19:46 - 2016-11-11 02:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2017-02-25 19:46 - 2016-11-11 02:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2017-02-25 19:46 - 2016-11-11 02:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-02-25 19:46 - 2016-11-11 02:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-02-25 19:46 - 2016-11-11 02:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-02-25 19:46 - 2016-11-11 02:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-02-25 19:46 - 2016-11-11 02:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-02-25 19:46 - 2016-11-11 02:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-02-25 19:46 - 2016-11-11 02:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-02-25 19:46 - 2016-11-11 02:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-02-25 19:46 - 2016-11-11 02:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-02-25 19:46 - 2016-11-11 02:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-02-25 19:46 - 2016-11-11 02:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-02-25 19:46 - 2016-11-11 02:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-02-25 19:46 - 2016-11-11 02:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-02-25 19:46 - 2016-11-11 02:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-02-25 19:46 - 2016-11-11 00:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-02-25 19:46 - 2016-11-11 00:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-02-25 19:46 - 2016-11-11 00:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-02-25 19:46 - 2016-11-11 00:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-02-25 19:46 - 2016-11-11 00:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-02-25 19:46 - 2016-11-11 00:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-02-25 19:46 - 2016-11-11 00:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-02-25 19:46 - 2016-11-11 00:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-02-25 19:46 - 2016-11-11 00:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-02-25 19:46 - 2016-11-11 00:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-02-25 19:46 - 2016-11-02 05:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-02-25 19:46 - 2016-11-02 04:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-02-25 19:46 - 2016-11-02 04:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-02-25 19:46 - 2016-11-02 03:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-02-25 19:46 - 2016-11-02 03:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-02-25 19:46 - 2016-11-02 03:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-02-25 19:46 - 2016-11-02 03:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2017-02-25 19:46 - 2016-11-02 03:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-02-25 19:46 - 2016-11-02 03:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-02-25 19:46 - 2016-11-02 03:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-02-25 19:46 - 2016-10-14 21:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-02-25 19:46 - 2016-10-14 21:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-02-25 19:46 - 2016-10-14 20:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2017-02-25 19:46 - 2016-10-14 20:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2017-02-25 19:46 - 2016-10-14 20:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2017-02-25 19:46 - 2016-10-14 20:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-02-25 19:46 - 2016-10-14 20:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-02-25 19:46 - 2016-10-14 20:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-02-25 19:46 - 2016-10-14 20:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-02-25 19:46 - 2016-10-14 20:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-02-25 19:46 - 2016-10-14 20:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-02-25 19:46 - 2016-10-14 20:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2017-02-25 19:46 - 2016-10-14 20:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-02-25 19:46 - 2016-10-05 03:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-02-25 19:46 - 2016-10-05 03:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-02-25 19:46 - 2016-10-05 02:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-02-25 19:46 - 2016-10-05 02:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-02-25 19:46 - 2016-10-05 02:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-02-25 19:46 - 2016-10-05 02:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-02-25 19:46 - 2016-10-05 02:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-02-25 19:46 - 2016-10-05 02:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-02-25 19:46 - 2016-10-05 02:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-02-25 19:46 - 2016-10-05 02:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-02-25 19:46 - 2016-10-05 02:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-02-25 19:46 - 2016-08-01 21:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-02-25 19:45 - 2016-12-21 00:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-02-25 19:45 - 2016-12-21 00:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-25 19:45 - 2016-12-21 00:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-02-25 19:45 - 2016-12-21 00:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-02-25 19:45 - 2016-12-21 00:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-25 19:45 - 2016-12-21 00:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-02-25 19:45 - 2016-12-21 00:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-02-25 19:45 - 2016-12-21 00:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-02-25 19:45 - 2016-12-21 00:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-02-25 19:45 - 2016-12-21 00:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-25 19:45 - 2016-12-21 00:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-02-25 19:45 - 2016-12-21 00:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-25 19:45 - 2016-12-20 23:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-02-25 19:45 - 2016-12-20 23:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-02-25 19:45 - 2016-12-20 23:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-25 19:45 - 2016-12-20 23:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-25 19:45 - 2016-12-20 22:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-25 19:45 - 2016-12-20 22:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-25 19:45 - 2016-12-20 22:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-02-25 19:45 - 2016-12-20 22:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-25 19:45 - 2016-12-20 22:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-02-25 19:45 - 2016-12-20 21:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-02-25 19:45 - 2016-12-20 21:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-25 19:45 - 2016-12-20 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-02-25 19:45 - 2016-12-20 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-02-25 19:45 - 2016-12-20 21:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-02-25 19:45 - 2016-12-20 21:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-25 19:45 - 2016-12-20 21:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-02-25 19:45 - 2016-12-20 21:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-02-25 19:45 - 2016-12-13 22:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-02-25 19:45 - 2016-12-13 22:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-25 19:45 - 2016-12-13 22:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-25 19:45 - 2016-12-13 22:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-25 19:45 - 2016-12-13 22:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-02-25 19:45 - 2016-12-13 22:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-02-25 19:45 - 2016-12-13 22:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-02-25 19:45 - 2016-12-13 21:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-02-25 19:45 - 2016-12-13 21:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-02-25 19:45 - 2016-12-13 21:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-25 19:45 - 2016-12-13 21:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-25 19:45 - 2016-12-13 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-25 19:45 - 2016-12-13 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-02-25 19:45 - 2016-12-13 21:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-02-25 19:45 - 2016-12-13 21:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-25 19:45 - 2016-12-13 21:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-02-25 19:45 - 2016-12-13 21:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-02-25 19:45 - 2016-12-13 21:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-25 19:45 - 2016-12-13 21:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-02-25 19:45 - 2016-12-13 21:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-25 19:45 - 2016-12-13 21:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-02-25 19:45 - 2016-12-13 21:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-25 19:45 - 2016-12-09 03:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-02-25 19:45 - 2016-12-09 03:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-02-25 19:45 - 2016-12-09 03:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-02-25 19:45 - 2016-12-09 03:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-02-25 19:45 - 2016-12-09 03:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-02-25 19:45 - 2016-12-09 03:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-02-25 19:45 - 2016-12-09 03:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-02-25 19:45 - 2016-12-09 02:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-02-25 19:45 - 2016-12-09 02:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-02-25 19:45 - 2016-12-09 02:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-02-25 19:45 - 2016-12-09 02:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-02-25 19:45 - 2016-12-09 02:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-02-25 19:45 - 2016-12-09 02:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-02-25 19:45 - 2016-12-09 02:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-02-25 19:45 - 2016-12-09 02:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-02-25 19:45 - 2016-12-09 02:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-02-25 19:45 - 2016-12-09 02:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-02-25 19:45 - 2016-12-09 02:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-02-25 19:45 - 2016-12-09 02:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-02-25 19:45 - 2016-12-09 02:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-02-25 19:45 - 2016-11-11 03:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-02-25 19:45 - 2016-11-11 03:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-02-25 19:45 - 2016-11-11 03:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-02-25 19:45 - 2016-11-11 03:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-02-25 19:45 - 2016-11-11 02:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2017-02-25 19:45 - 2016-11-11 02:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-02-25 19:45 - 2016-11-11 02:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-02-25 19:45 - 2016-11-11 02:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-02-25 19:45 - 2016-11-11 02:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2017-02-25 19:45 - 2016-11-11 02:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-02-25 19:45 - 2016-11-11 02:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-02-25 19:45 - 2016-11-11 02:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-02-25 19:45 - 2016-11-11 02:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2017-02-25 19:45 - 2016-11-11 02:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-02-25 19:45 - 2016-11-11 02:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-02-25 19:45 - 2016-11-11 02:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-02-25 19:45 - 2016-11-11 02:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-02-25 19:45 - 2016-11-11 02:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-02-25 19:45 - 2016-11-11 02:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2017-02-25 19:45 - 2016-11-11 02:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2017-02-25 19:45 - 2016-11-11 02:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-02-25 19:45 - 2016-11-11 02:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-02-25 19:45 - 2016-11-11 02:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-02-25 19:45 - 2016-11-11 02:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-02-25 19:45 - 2016-11-11 02:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-02-25 19:45 - 2016-11-11 02:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2017-02-25 19:45 - 2016-11-11 02:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-02-25 19:45 - 2016-11-11 02:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-02-25 19:45 - 2016-11-11 02:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-02-25 19:45 - 2016-11-11 02:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-02-25 19:45 - 2016-11-11 02:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-02-25 19:45 - 2016-11-11 02:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-02-25 19:45 - 2016-11-11 02:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-02-25 19:45 - 2016-11-11 02:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-02-25 19:45 - 2016-11-11 02:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-02-25 19:45 - 2016-11-11 02:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-02-25 19:45 - 2016-11-11 02:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-02-25 19:45 - 2016-11-11 02:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-02-25 19:45 - 2016-11-11 02:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-02-25 19:45 - 2016-11-11 02:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-02-25 19:45 - 2016-11-11 02:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-02-25 19:45 - 2016-11-11 02:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-02-25 19:45 - 2016-11-11 02:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-02-25 19:45 - 2016-11-11 02:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-02-25 19:45 - 2016-11-11 02:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-02-25 19:45 - 2016-11-11 00:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-02-25 19:45 - 2016-11-11 00:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2017-02-25 19:45 - 2016-11-11 00:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-02-25 19:45 - 2016-11-11 00:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-02-25 19:45 - 2016-11-11 00:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2017-02-25 19:45 - 2016-11-11 00:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2017-02-25 19:45 - 2016-11-11 00:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-02-25 19:45 - 2016-11-11 00:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-02-25 19:45 - 2016-11-11 00:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-02-25 19:45 - 2016-11-11 00:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-02-25 19:45 - 2016-11-11 00:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-02-25 19:45 - 2016-11-11 00:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-02-25 19:45 - 2016-11-11 00:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-02-25 19:45 - 2016-11-11 00:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-02-25 19:45 - 2016-11-11 00:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-02-25 19:45 - 2016-11-11 00:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-02-25 19:45 - 2016-11-11 00:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-02-25 19:45 - 2016-11-11 00:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2017-02-25 19:45 - 2016-11-02 05:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-02-25 19:45 - 2016-11-02 04:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-02-25 19:45 - 2016-11-02 04:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-02-25 19:45 - 2016-11-02 03:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-02-25 19:45 - 2016-11-02 03:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-02-25 19:45 - 2016-11-02 03:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-02-25 19:45 - 2016-11-02 03:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2017-02-25 19:45 - 2016-11-02 03:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-02-25 19:45 - 2016-11-02 03:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2017-02-25 19:45 - 2016-11-02 03:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-02-25 19:45 - 2016-11-02 03:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-02-25 19:45 - 2016-11-02 03:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2017-02-25 19:45 - 2016-11-02 03:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2017-02-25 19:45 - 2016-11-02 03:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2017-02-25 19:45 - 2016-11-02 03:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2017-02-25 19:45 - 2016-11-02 03:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-02-25 19:45 - 2016-11-02 03:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-02-25 19:45 - 2016-11-02 03:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2017-02-25 19:45 - 2016-11-02 03:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-02-25 19:45 - 2016-11-02 03:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-02-25 19:45 - 2016-11-02 03:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-02-25 19:45 - 2016-11-02 03:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-02-25 19:45 - 2016-11-02 03:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-02-25 19:45 - 2016-11-02 03:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2017-02-25 19:45 - 2016-11-02 03:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-02-25 19:45 - 2016-11-02 03:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-02-25 19:45 - 2016-11-02 03:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-02-25 19:45 - 2016-11-02 03:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-02-25 19:45 - 2016-11-02 03:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2017-02-25 19:45 - 2016-11-02 03:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2017-02-25 19:45 - 2016-11-02 03:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-02-25 19:45 - 2016-11-02 03:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-02-25 19:45 - 2016-11-02 03:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-02-25 19:45 - 2016-11-02 03:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2017-02-25 19:45 - 2016-11-02 03:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-02-25 19:45 - 2016-11-02 03:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-02-25 19:45 - 2016-11-02 03:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-02-25 19:45 - 2016-11-02 03:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-02-25 19:45 - 2016-11-02 03:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-02-25 19:45 - 2016-11-02 03:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-02-25 19:45 - 2016-11-02 03:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-02-25 19:45 - 2016-11-02 03:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-02-25 19:45 - 2016-11-02 03:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2017-02-25 19:45 - 2016-10-14 21:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-02-25 19:45 - 2016-10-14 21:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-02-25 19:45 - 2016-10-14 21:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-02-25 19:45 - 2016-10-14 21:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-02-25 19:45 - 2016-10-14 21:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-02-25 19:45 - 2016-10-14 20:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2017-02-25 19:45 - 2016-10-14 20:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-02-25 19:45 - 2016-10-14 20:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-02-25 19:45 - 2016-10-14 20:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2017-02-25 19:45 - 2016-10-14 20:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-02-25 19:45 - 2016-10-14 20:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-02-25 19:45 - 2016-10-14 20:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-02-25 19:45 - 2016-10-14 20:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2017-02-25 19:45 - 2016-10-14 20:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-02-25 19:45 - 2016-10-14 20:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-02-25 19:45 - 2016-10-14 20:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2017-02-25 19:45 - 2016-10-14 20:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2017-02-25 19:45 - 2016-10-14 20:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2017-02-25 19:45 - 2016-10-14 20:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2017-02-25 19:45 - 2016-10-14 20:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2017-02-25 19:45 - 2016-10-14 20:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2017-02-25 19:45 - 2016-10-14 20:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-02-25 19:45 - 2016-10-14 20:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-02-25 19:45 - 2016-10-14 20:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2017-02-25 19:45 - 2016-10-14 20:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2017-02-25 19:45 - 2016-10-14 20:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-02-25 19:45 - 2016-10-14 20:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-02-25 19:45 - 2016-10-14 20:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2017-02-25 19:45 - 2016-10-14 20:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2017-02-25 19:45 - 2016-10-14 20:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2017-02-25 19:45 - 2016-10-14 20:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-02-25 19:45 - 2016-10-14 20:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2017-02-25 19:45 - 2016-10-14 20:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-02-25 19:45 - 2016-10-14 20:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2017-02-25 19:45 - 2016-10-14 20:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2017-02-25 19:45 - 2016-10-05 02:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-02-25 19:45 - 2016-10-05 02:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-02-25 19:45 - 2016-10-05 02:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-02-25 19:45 - 2016-10-05 02:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-02-25 19:45 - 2016-10-05 02:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-02-25 19:45 - 2016-10-05 02:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-02-25 19:45 - 2016-10-05 02:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2017-02-25 19:45 - 2016-10-05 02:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-02-25 19:45 - 2016-10-05 02:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-02-25 19:45 - 2016-10-05 02:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-02-25 19:45 - 2016-10-05 02:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-02-25 19:45 - 2016-10-05 02:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-02-25 19:45 - 2016-10-05 02:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-02-25 19:45 - 2016-10-05 02:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-02-25 19:45 - 2016-10-05 02:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2017-02-25 19:45 - 2016-10-05 02:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-02-25 19:45 - 2016-10-05 02:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-02-25 19:45 - 2016-10-05 02:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-02-25 19:45 - 2016-10-05 02:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-02-25 19:45 - 2016-10-05 02:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-02-25 19:45 - 2016-10-05 02:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-02-25 19:45 - 2016-09-10 06:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2017-02-25 19:44 - 2016-12-21 01:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-25 19:44 - 2016-12-21 00:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-02-25 19:44 - 2016-12-21 00:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-25 19:44 - 2016-12-21 00:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-02-25 19:44 - 2016-12-21 00:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-02-25 19:44 - 2016-12-20 23:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-25 19:44 - 2016-12-20 23:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-02-25 19:44 - 2016-12-20 23:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-25 19:44 - 2016-12-20 22:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-02-25 19:44 - 2016-12-20 21:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-25 19:44 - 2016-12-20 21:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-25 19:44 - 2016-12-20 21:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-02-25 19:44 - 2016-12-20 21:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-25 19:44 - 2016-12-13 22:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-02-25 19:44 - 2016-12-13 22:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-25 19:44 - 2016-12-13 22:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-25 19:44 - 2016-12-13 21:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-02-25 19:44 - 2016-12-13 21:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-02-25 19:44 - 2016-12-13 21:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-25 19:44 - 2016-12-13 21:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-02-25 19:44 - 2016-12-13 21:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-02-25 19:44 - 2016-12-13 21:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-25 19:44 - 2016-12-09 03:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-02-25 19:44 - 2016-12-09 03:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-02-25 19:44 - 2016-12-09 03:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-02-25 19:44 - 2016-12-09 03:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-02-25 19:44 - 2016-12-09 03:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-02-25 19:44 - 2016-12-09 02:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-02-25 19:44 - 2016-12-09 02:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-02-25 19:44 - 2016-12-09 02:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-02-25 19:44 - 2016-11-11 02:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-02-25 19:44 - 2016-11-11 02:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2017-02-25 19:44 - 2016-11-11 02:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-02-25 19:44 - 2016-11-11 02:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-02-25 19:44 - 2016-11-11 02:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-02-25 19:44 - 2016-11-11 02:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-02-25 19:44 - 2016-11-11 02:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-25 19:44 - 2016-11-11 02:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2017-02-25 19:44 - 2016-11-11 02:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-02-25 19:44 - 2016-11-11 02:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-02-25 19:44 - 2016-11-11 02:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-02-25 19:44 - 2016-11-11 02:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-02-25 19:44 - 2016-11-11 02:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-02-25 19:44 - 2016-11-11 02:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-02-25 19:44 - 2016-11-11 02:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-02-25 19:44 - 2016-11-11 02:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-02-25 19:44 - 2016-11-11 02:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-02-25 19:44 - 2016-11-11 02:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-02-25 19:44 - 2016-11-11 02:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-02-25 19:44 - 2016-11-11 02:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-02-25 19:44 - 2016-11-11 00:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-02-25 19:44 - 2016-11-11 00:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-02-25 19:44 - 2016-11-11 00:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-02-25 19:44 - 2016-11-11 00:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2017-02-25 19:44 - 2016-11-11 00:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-02-25 19:44 - 2016-11-11 00:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-02-25 19:44 - 2016-11-11 00:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-02-25 19:44 - 2016-11-11 00:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-02-25 19:44 - 2016-11-11 00:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-02-25 19:44 - 2016-11-11 00:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-02-25 19:44 - 2016-11-11 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2017-02-25 19:44 - 2016-11-11 00:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-02-25 19:44 - 2016-11-11 00:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-02-25 19:44 - 2016-11-11 00:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-02-25 19:44 - 2016-11-11 00:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-02-25 19:44 - 2016-11-11 00:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-02-25 19:44 - 2016-11-02 04:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-02-25 19:44 - 2016-11-02 04:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2017-02-25 19:44 - 2016-11-02 04:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-02-25 19:44 - 2016-11-02 04:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-02-25 19:44 - 2016-11-02 03:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-02-25 19:44 - 2016-11-02 03:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2017-02-25 19:44 - 2016-11-02 03:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-02-25 19:44 - 2016-11-02 03:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-02-25 19:44 - 2016-11-02 03:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2017-02-25 19:44 - 2016-11-02 03:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-02-25 19:44 - 2016-11-02 03:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-02-25 19:44 - 2016-11-02 03:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2017-02-25 19:44 - 2016-11-02 03:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-02-25 19:44 - 2016-11-02 03:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-02-25 19:44 - 2016-11-02 03:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2017-02-25 19:44 - 2016-11-02 03:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-02-25 19:44 - 2016-11-02 03:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-02-25 19:44 - 2016-11-02 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-02-25 19:44 - 2016-11-02 03:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-02-25 19:44 - 2016-10-14 21:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-02-25 19:44 - 2016-10-14 21:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-02-25 19:44 - 2016-10-14 21:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-02-25 19:44 - 2016-10-14 21:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2017-02-25 19:44 - 2016-10-14 21:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-02-25 19:44 - 2016-10-14 20:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-02-25 19:44 - 2016-10-14 20:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2017-02-25 19:44 - 2016-10-14 20:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2017-02-25 19:44 - 2016-10-14 20:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-02-25 19:44 - 2016-10-14 20:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-02-25 19:44 - 2016-10-14 20:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2017-02-25 19:44 - 2016-10-14 20:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-02-25 19:44 - 2016-10-14 20:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2017-02-25 19:44 - 2016-10-05 03:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-02-25 19:44 - 2016-10-05 02:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-02-25 19:44 - 2016-10-05 02:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-02-25 19:44 - 2016-10-05 02:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-02-25 19:44 - 2016-10-05 02:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-02-25 19:44 - 2016-10-05 02:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-02-25 19:44 - 2016-10-05 02:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-02-25 19:44 - 2016-10-05 02:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-02-25 19:44 - 2016-10-05 02:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2017-02-25 19:44 - 2016-10-05 02:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-02-25 19:43 - 2016-12-21 00:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-02-25 19:43 - 2016-12-21 00:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-02-25 19:43 - 2016-12-21 00:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-02-25 19:43 - 2016-12-21 00:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-02-25 19:43 - 2016-12-21 00:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-02-25 19:43 - 2016-12-21 00:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-02-25 19:43 - 2016-12-13 21:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-02-25 19:43 - 2016-12-13 21:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-02-25 19:43 - 2016-12-09 02:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-02-25 19:43 - 2016-12-09 02:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-02-25 19:43 - 2016-12-09 02:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-02-25 19:43 - 2016-12-09 02:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-02-25 19:43 - 2016-12-09 02:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-02-25 19:43 - 2016-12-09 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-02-25 19:43 - 2016-11-11 03:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-02-25 19:43 - 2016-11-11 02:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-02-25 19:43 - 2016-11-11 02:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2017-02-25 19:43 - 2016-11-11 02:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-02-25 19:43 - 2016-11-11 02:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-02-25 19:43 - 2016-11-11 02:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-02-25 19:43 - 2016-11-11 02:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-02-25 19:43 - 2016-11-11 02:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-02-25 19:43 - 2016-11-11 02:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-02-25 19:43 - 2016-11-11 02:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2017-02-25 19:43 - 2016-11-11 02:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-02-25 19:43 - 2016-11-11 02:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-02-25 19:43 - 2016-11-11 01:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-02-25 19:43 - 2016-11-11 00:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2017-02-25 19:43 - 2016-11-11 00:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2017-02-25 19:43 - 2016-11-11 00:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-02-25 19:43 - 2016-11-11 00:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2017-02-25 19:43 - 2016-11-11 00:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-02-25 19:43 - 2016-11-02 04:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-02-25 19:43 - 2016-11-02 03:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2017-02-25 19:43 - 2016-11-02 03:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2017-02-25 19:43 - 2016-11-02 03:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-02-25 19:43 - 2016-11-02 03:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2017-02-25 19:43 - 2016-11-02 03:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-02-25 19:43 - 2016-11-02 03:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2017-02-25 19:43 - 2016-11-02 03:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-02-25 19:43 - 2016-11-02 03:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-02-25 19:43 - 2016-11-02 03:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2017-02-25 19:43 - 2016-11-02 03:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2017-02-25 19:43 - 2016-11-02 03:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-02-25 19:43 - 2016-11-02 03:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2017-02-25 19:43 - 2016-11-02 03:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2017-02-25 19:43 - 2016-11-02 03:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2017-02-25 19:43 - 2016-11-02 03:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-02-25 19:43 - 2016-10-14 21:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-02-25 19:43 - 2016-10-14 21:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-02-25 19:43 - 2016-10-14 21:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-02-25 19:43 - 2016-10-14 20:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-02-25 19:43 - 2016-10-14 20:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2017-02-25 19:43 - 2016-10-14 20:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-02-25 19:43 - 2016-10-14 20:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2017-02-25 19:43 - 2016-10-14 20:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-02-25 19:43 - 2016-10-14 20:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-02-25 19:43 - 2016-10-14 20:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2017-02-25 19:43 - 2016-10-05 03:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-02-25 19:43 - 2016-10-05 03:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2017-02-25 19:43 - 2016-10-05 02:36 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-02-25 19:43 - 2016-10-05 02:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-02-25 19:43 - 2016-10-05 02:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-02-25 19:43 - 2016-10-05 02:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-02-25 19:43 - 2016-10-05 02:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-02-25 19:43 - 2016-10-05 02:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-02-25 19:43 - 2016-10-05 02:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-02-25 19:43 - 2016-10-05 02:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-02-25 19:01 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-25 19:01 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-25 17:45 - 2017-02-26 16:27 - 00003634 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-25 17:35 - 2017-02-26 15:39 - 00788608 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-02-25 17:09 - 2017-02-25 17:09 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-JIM-PC-Windows-10-Home-(64-bit).dat
2017-02-25 17:09 - 2017-02-25 17:09 - 00000000 ____D C:\RegBackup
2017-02-25 17:04 - 2017-02-25 17:05 - 00190773 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-02-25 17:04 - 2017-02-25 17:04 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-02-25 15:23 - 2017-02-25 15:23 - 00000159 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-02-25 10:54 - 2017-02-26 19:08 - 00000000 ____D C:\Users\Jim\AppData\Local\CrashDumps
2017-02-25 10:54 - 2017-02-26 07:10 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-25 09:41 - 2017-02-25 09:41 - 00000000 ____D C:\Users\Jim\AppData\Local\Zemana
2017-02-25 09:03 - 2017-02-25 09:06 - 00000000 ____D C:\Users\Jim\AppData\Local\AdvinstAnalytics
2017-02-25 07:52 - 2017-02-25 07:52 - 00000000 ____D C:\Program Files (x86)\shropshire
2017-02-25 07:15 - 2017-02-25 09:14 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Geek Uninstaller
2017-02-24 16:51 - 2017-02-27 06:57 - 00000000 ____D C:\FRST
2017-02-24 16:49 - 2017-02-27 06:56 - 02423296 _____ (Farbar) C:\Users\Jim\Downloads\FRST64.exe
2017-02-24 12:29 - 2017-02-24 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-24 12:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-24 12:06 - 2017-02-24 12:06 - 00250290 _____ C:\Users\Jim\Documents\cc_20170224_120620.reg
2017-02-24 11:51 - 2017-02-24 11:51 - 00000000 ____D C:\WINDOWS\pss
2017-02-24 09:51 - 2017-02-24 09:51 - 00000552 _____ C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive (2).lnk
2017-02-24 05:11 - 2017-02-27 05:18 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{36D55AF4-5ADB-451B-899E-3C12B4B42C3E}
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\Program Files (x86)\GUM80B4.tmp
2017-02-23 21:14 - 2017-02-23 21:17 - 00002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-23 21:13 - 2017-02-23 21:13 - 00000000 ____D C:\Program Files (x86)\GUM174A.tmp
2017-02-23 18:21 - 2017-02-23 19:29 - 00000000 ____D C:\Users\Jim\AppData\Local\llssoft
2017-02-23 17:20 - 2017-02-23 17:20 - 01852928 _____ (splsrv Corp.) C:\WINDOWS\SysWOW64\splsrv.exe
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\Users\Jim\AppData\Roaming\c
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\ProgramData\1487895640
2017-02-23 17:19 - 2017-02-23 17:19 - 00000055 _____ C:\WINDOWS\key.ini
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\WINDOWS\system32\Drivers\drmkpro64.sys
2017-02-19 12:47 - 2017-02-19 12:47 - 00000000 ____D C:\Users\Jim\.ssh
2017-02-18 23:50 - 2017-02-18 23:50 - 00316416 _____ (windows 99) C:\WINDOWS\motorized.exe
2017-02-18 23:50 - 2017-02-18 23:50 - 00041196 _____ C:\WINDOWS\peddle.exe
2017-02-18 22:22 - 2017-02-18 22:22 - 00080956 _____ C:\Users\Jim\Downloads\Document.pdf
2017-02-18 22:19 - 2017-02-18 22:19 - 00039150 _____ C:\Users\Jim\Downloads\SKM_284e17021410491.pdf
2017-02-12 19:09 - 2017-02-12 19:09 - 00000000 ____D C:\Users\Jim\Documents\TurboTax
2017-02-12 18:48 - 2017-02-12 19:09 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Intuit
2017-02-12 18:47 - 2017-02-12 18:47 - 00002547 _____ C:\Users\Public\Desktop\TurboTax 2016.lnk
2017-02-12 18:47 - 2017-02-12 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-02-12 18:46 - 2017-02-12 18:46 - 00000000 ____D C:\Program Files (x86)\TurboTax
2017-02-12 18:45 - 2017-02-12 18:47 - 00000000 ____D C:\ProgramData\Intuit
2017-02-08 16:37 - 2017-02-08 16:37 - 00034293 _____ C:\Users\Jim\Downloads\PastBills.pdf
2017-02-07 17:41 - 2017-02-07 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 11:10 - 2017-02-07 11:10 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-07 11:10 - 2017-02-07 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-07 11:10 - 2017-02-07 11:10 - 00000000 ____D C:\Program Files\iTunes
2017-02-07 11:10 - 2017-02-07 11:10 - 00000000 ____D C:\Program Files\iPod
2017-02-07 02:08 - 2017-02-07 02:08 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-07 02:08 - 2017-02-07 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-06 21:38 - 2017-02-06 21:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 17:33 - 2017-02-06 17:33 - 00020823 _____ C:\Users\Jim\Downloads\Dec 01, 2016 to Dec 20, 2016.pdf
2017-02-06 17:32 - 2017-02-06 17:32 - 00020815 _____ C:\Users\Jim\Downloads\Dec 22, 2016 to Jan 20, 2017.pdf
2017-02-06 17:26 - 2017-02-06 17:26 - 00526149 _____ C:\Users\Jim\Downloads\Owner_1099_2016.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-27 05:59 - 2016-09-24 04:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-27 05:41 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-26 18:51 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-26 18:45 - 2016-04-23 11:07 - 00790976 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-26 18:44 - 2016-04-23 11:48 - 00000000 ___RD C:\Users\Jim\Google Drive
2017-02-26 18:40 - 2016-09-24 04:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-26 18:40 - 2016-09-24 04:37 - 00206352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-26 18:40 - 2016-07-15 23:04 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-02-26 18:40 - 2016-05-11 18:07 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-02-26 14:48 - 2016-09-24 04:44 - 00000000 ____D C:\Users\Jim
2017-02-26 14:30 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-26 14:30 - 2016-04-23 09:27 - 00000000 ____D C:\Users\Jim\AppData\Local\Packages
2017-02-26 12:34 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-26 12:34 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-26 09:21 - 2016-02-13 06:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-26 09:04 - 2016-07-16 04:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-26 09:04 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-26 09:04 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-26 09:04 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-26 09:04 - 2016-07-15 23:04 - 00000000 ____D C:\WINDOWS\servicing
2017-02-26 09:02 - 2016-07-16 04:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-02-25 20:05 - 2016-04-23 13:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-25 20:02 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-25 20:02 - 2016-04-23 13:10 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-25 19:22 - 2016-04-23 11:06 - 00000000 ____D C:\Users\Jim\AppData\Local\Publishers
2017-02-25 18:54 - 2016-07-16 04:43 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-02-25 18:54 - 2016-07-16 04:42 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-02-25 18:52 - 2016-07-16 04:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-02-25 18:40 - 2016-04-23 10:01 - 00485032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-25 17:44 - 2013-08-22 06:25 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_724
2017-02-25 15:16 - 2016-04-23 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2017-02-25 11:49 - 2013-08-22 08:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-25 07:52 - 2016-10-07 09:03 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-25 07:42 - 2017-01-07 11:41 - 00000000 ____D C:\Users\Jim\AppData\LocalLow\Temp
2017-02-25 07:36 - 2013-08-22 06:25 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_800
2017-02-25 07:35 - 2016-10-07 09:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\MSFT_TaskSettings3
2017-02-25 07:35 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-25 07:14 - 2017-01-26 09:08 - 06960664 _____ (Geek Unіnstaller) C:\Users\Jim\Desktop\geek.exe
2017-02-24 12:31 - 2016-04-23 09:35 - 00000000 ____D C:\Users\Jim\AppData\Local\ElevatedDiagnostics
2017-02-24 12:01 - 2016-09-24 05:36 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-24 10:00 - 2016-04-23 11:09 - 00000000 ___RD C:\Users\Jim\OneDrive
2017-02-24 09:22 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-23 21:12 - 2016-04-23 11:10 - 00000000 ____D C:\Users\Jim\AppData\Local\MicrosoftEdge
2017-02-23 19:24 - 2016-05-06 16:31 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Skype
2017-02-23 18:06 - 2016-04-24 18:57 - 00000000 ____D C:\Users\Jim\AppData\Roaming\.minecraft
2017-02-15 15:59 - 2016-04-23 11:09 - 00002353 _____ C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-10 15:36 - 2016-04-23 11:45 - 00000000 ___RD C:\Users\Jim\Dropbox
2017-02-10 12:05 - 2016-04-23 11:29 - 00000000 ____D C:\Users\Jim\AppData\Roaming\DVDVideoSoft
2017-02-07 17:42 - 2016-04-23 11:42 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 11:14 - 2016-04-23 11:42 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-07 11:14 - 2016-04-23 11:42 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-07 11:10 - 2016-05-15 12:02 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-07 11:10 - 2016-05-15 11:07 - 00000000 ____D C:\Program Files\Recuva
2017-02-07 02:08 - 2016-04-23 11:14 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-06 12:48 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 12:48 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-02-26 13:25 - 2017-02-26 13:25 - 22762520 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-02-26 12:31 - 2017-02-26 12:31 - 0000017 _____ () C:\Users\Jim\AppData\Local\resmon.resmoncfg
2017-02-25 15:23 - 2017-02-25 15:23 - 0000159 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2017-02-26 18:44 - 2017-02-26 18:44 - 3957784 _____ (Geek Unіnstaller) C:\Users\Jim\AppData\Local\Temp\geek64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-22 07:31

==================== End of FRST.txt ============================

kevinf80 · February 27, 2017

Still finding malware in those logs, we can remove shortly... In the installed program list contained in Addition.txt is a program listed as "Hidden" Program name Vumaa I`ve include it in FRST fix to unhide that program. When FRST fix is completed open GeekUninstaller and see if you can see Vumaa in the list, if so uninstall it, if not tell me...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Let me see that log, also give me an update on Vumaa....

fixlist.txt

Jpen10 · February 27, 2017

High Kevin. I used geek to uninstall vumaa but got an error 101 saying it couldn't find the file and other dialog. I went back and did a "Force uninstall" and it got rid of vumaa.

here is the frst log file.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017
Ran by Jim (27-02-2017 12:25:26) Run:4
Running from C:\Users\Jim\Downloads
Loaded Profiles: Jim (Available Profiles: Jim)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-783448517-647833336-481893931-1001\...\MountPoints2: {fdd1f285-096e-11e6-824f-806e6f6e6963} - "D:\setup.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-783448517-647833336-481893931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2017-02-24 12:29 - 2017-02-24 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-24 12:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-23 21:17 - 2017-02-23 21:17 - 00000000 ____D C:\Program Files (x86)\GUM80B4.tmp
2017-02-23 21:13 - 2017-02-23 21:13 - 00000000 ____D C:\Program Files (x86)\GUM174A.tmp
2017-02-23 17:20 - 2017-02-23 17:20 - 01852928 _____ (splsrv Corp.) C:\WINDOWS\SysWOW64\splsrv.exe
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\Users\Jim\AppData\Roaming\c
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-23 17:20 - 2017-02-23 17:20 - 00000000 ____D C:\ProgramData\1487895640
2017-02-23 17:19 - 2017-02-23 17:19 - 00000055 _____ C:\WINDOWS\key.ini
2017-02-18 23:50 - 2017-02-18 23:50 - 00316416 _____ (windows 99) C:\WINDOWS\motorized.exe
2017-02-18 23:50 - 2017-02-18 23:50 - 00041196 _____ C:\WINDOWS\peddle.exe
2017-02-22 17:12 - 2017-02-22 17:12 - 00051784 _____ C:\WINDOWS\system32\Drivers\drmkpro64.sys
2017-02-19 12:47 - 2017-02-19 12:47 - 00000000 ____D C:\Users\Jim\.ssh
2017-02-18 23:50 - 2017-02-18 23:50 - 00316416 _____ (windows 99) C:\WINDOWS\motorized.exe
Vumaa (x32 Version: 1.0.0 - Vumaa) Hidden
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
FirewallRules: [{5ECE3246-505E-4145-8ECE-356A488BE3C8}] => (Allow) C:\Program Files (x86)\sorrier\equalized.exe
FirewallRules: [{350422A7-6665-4018-B69A-C42A97BED256}] => (Allow) C:\Program Files (x86)\sorrier\harold.exe
C:\Program Files (x86)\sorrier
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
CMD: ipconfig /flushDNS
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => value removed successfully
HKU\S-1-5-21-783448517-647833336-481893931-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd1f285-096e-11e6-824f-806e6f6e6963} => key removed successfully
HKCR\CLSID\{fdd1f285-096e-11e6-824f-806e6f6e6963} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-783448517-647833336-481893931-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 => moved successfully
C:\WINDOWS\system32\sdnclean64.exe => moved successfully
C:\Program Files (x86)\GUM80B4.tmp => moved successfully
C:\Program Files (x86)\GUM174A.tmp => moved successfully
C:\WINDOWS\SysWOW64\splsrv.exe => moved successfully
C:\Users\Jim\AppData\Roaming\c => moved successfully
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\ProgramData\1487895640 => moved successfully
C:\WINDOWS\key.ini => moved successfully
C:\WINDOWS\motorized.exe => moved successfully
C:\WINDOWS\peddle.exe => moved successfully
Could not move "C:\WINDOWS\system32\Drivers\drmkpro64.sys" => Scheduled to move on reboot.
C:\Users\Jim\.ssh => moved successfully
"C:\WINDOWS\motorized.exe" => not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D8758B02-99B7-43F3-B12A-A39BDE833890}\\SystemComponent => value removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5ECE3246-505E-4145-8ECE-356A488BE3C8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{350422A7-6665-4018-B69A-C42A97BED256} => value removed successfully
"C:\Program Files (x86)\sorrier" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value removed successfully

========= ipconfig /flushDNS =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 2208788 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21135656 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 6354 B
Edge => 15569345 B
Chrome => 492474901 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 792 B
NetworkService => 12810 B
Jim => 68130478 B

RecycleBin => 660737090 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-02-2017 12:29:13)

"C:\WINDOWS\system32\Drivers\drmkpro64.sys" => Could not move

==== End of Fixlog 12:29:14 ====

kevinf80 · February 27, 2017

One part of infection is not removed, FRST could not move it. Try again with the following:

Download BlitzBlank from here: http://www.bleepingcomputer.com/download/blitzblank/dl/108/ and save it to your desktop.

Right click on

Blitzblank.exe select "Run as Administrator"

Click OK at the warning (and take note of it, this is a VERY powerful tool!).

Click the Script tab and copy/paste the following text there:

DeleteFile:
C:\WINDOWS\system32\Drivers\drmkpro64.sys

Click Execute Now. An alert will ask "You are about to delete files, are you sure to proceed" Select OK to proceed

A system reboot warning will open, it will say "Please close all running applicatons to avoid data loss" Select OK to proceed

Your computer will need to reboot in order to do the fixes

When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\

Thanks,

Kevin

Jpen10 · February 27, 2017

I get a "Syntax error in line 2, Invalid file path.

kevinf80 · February 27, 2017

Run Blitzblank again, open the script tab and copy the following into the text field

DisableDriver:
C:\WINDOWS\system32\Drivers\drmkpro64.sys
DeleteFile:
C:\WINDOWS\system32\Drivers\drmkpro64.sys

Select "Execute now" then select OK twice on the following windows...

Jpen10 · February 27, 2017

Same thing only error in line 4

kevinf80 · February 27, 2017

That driver is classed as a Trojan, hence infection spreads. Trojans are also known to have hidden protection, probably why we struggle to remove it... run the following see what log tells us.

Download and save RogueKiller to your Desktop from this link:

https://www.fosshub.com/RogueKiller.html/setup.exe

Right click setup.exe and select Run as Administrator to start installing RogueKiller.

At the next window Checkmark "Install 32 and 64 bit versions, then select "Next"

user posted image

In the next window skip Licence I.D. and Licence Key, select "Next"

user posted image

In the next window make no changes and select "Next"

user posted image

In the next window leave both "Additional Shortcuts" checkmarked, then select "Next"

user posted image

In the next window make no changes and select "Install"

user posted image

RogueKiller will extract and complete installation, in the new window leave "Launch Roguekiller" checkmarked, then select finish.

user posted image

RogueKiller will launch. Accept UAC, then read and accept "User Agreements"

user posted image

In the new window the "Home" tab should already be selected, Change by selecting "Scan" tab, then select "Start Scan"

user posted image

When the scan completes select "Open Report"

user posted image

In the new Window select "Export text" name that file RK.txt, save to your Desktop and attach to your reply

user posted image

Thanks,

Kevin...

Jpen10 · February 27, 2017

Here is rk;

rk.txt

kevinf80 · February 27, 2017

Thanks for the RK log, unfortunately no real help... Ok lets try again with an FRST fix, as follows please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Thanks,

Kevin

fixlist.txt

Jpen10 · February 27, 2017

here is fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by Jim (27-02-2017 15:32:33) Run:5
Running from C:\Users\Jim\Downloads
Loaded Profiles: Jim (Available Profiles: Jim)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Unlock: C:\WINDOWS\system32\Drivers\drmkpro64.sys
Move: C:\WINDOWS\system32\Drivers\drmkpro64.sys C:\WINDOWS\system32\Drivers\drmkpro64.sys.old
C:\WINDOWS\system32\Drivers\drmkpro64.sys.old
end

*****************

"C:\WINDOWS\system32\Drivers\drmkpro64.sys" => was unlocked
"C:\WINDOWS\system32\Drivers\drmkpro64.sys" Could not move to C:\WINDOWS\system32\Drivers\drmkpro64.sys.old
"C:\WINDOWS\system32\Drivers\drmkpro64.sys.old" => not found.

==== End of Fixlog 15:32:33 ====

kevinf80 · February 27, 2017

Ok lets see if it will be removed as it does show as unlocked......?

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Thanks,

Kevin

fixlist.txt

locked out

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information