Jump to content

Pum.dns removal difficulty


Recommended Posts

  • 2 weeks later...
  • Replies 92
  • Created
  • Last Reply

Top Posters In This Topic

Hi Kevin,

I apologize for not replying for so long. Things have gone for the worst, I can't access my administrator account in normal mode. My normal account using the roguekiller scan has detected the same three threats, all pum.dns in the registry. I have a frst & addition log below and the roguekiller log:

Roguekiller:

RogueKiller V12.10.4.0 (x64) [Apr 10 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Administrator2 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/15/2017 15:26:45 (Duration : 00:40:04)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2e7fae69-a295-405f-8de6-8363f33cbe1e} | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5b74ec9e-3b4c-4056-9f05-4493211fa14d} | DhcpNameServer : 66.253.214.16 50.30.184.16 ([-][United States])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-60JC3T0 +++++
--- User ---
[MBR] f688592a03b58373db9c5f4a708baeac
[BSP] c3ca02d57617eaac5a3c8b204c9c4908 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 922604 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1889902592 | Size: 30962 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1953312768 | Size: 102 MB
User = LL1 ... OK
User = LL2 ... OK

 

In the roguekiller application I have not deleted the threats I just kept the log. I did use the fix function in Farbar though.

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Niko (15-04-2017 16:13:13)
Running from C:\Users\Niko\Downloads
Windows 10 Pro Version 1607 (X64) (2017-03-31 22:47:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3760326077-2161983396-1685683110-500 - Administrator - Disabled) => C:\Users\Administrator
Administrator2 (S-1-5-21-3760326077-2161983396-1685683110-1005 - Administrator - Enabled) => C:\Users\Administrator2
ASPNET (S-1-5-21-3760326077-2161983396-1685683110-1004 - Limited - Enabled)
DefaultAccount (S-1-5-21-3760326077-2161983396-1685683110-503 - Limited - Disabled)
Guest (S-1-5-21-3760326077-2161983396-1685683110-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3760326077-2161983396-1685683110-1002 - Limited - Enabled)
Niko (S-1-5-21-3760326077-2161983396-1685683110-1001 - Limited - Enabled) => C:\Users\Niko
Niko Guest Space (S-1-5-21-3760326077-2161983396-1685683110-1006 - Limited - Enabled) => C:\Users\Niko Guest Space

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Ansel (Version: 376.82 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Geeks3D FurMark 1.18.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Hitman: Blood Money (HKLM\...\Steam App 6860) (Version:  - IO Interactive)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3760326077-2161983396-1685683110-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mount & Blade: Warband (HKLM\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 52.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 en-US)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
NVIDIA Graphics Driver 376.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.82 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.4.0 - Adlice Software)
STAR WARS™ Jedi Knight: Jedi Academy™ (HKLM\...\Steam App 6020) (Version:  - Raven Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version:  - Bethesda Game Studios)
VirtualDJ 8 (HKLM-x32\...\{72BC06DD-0194-4066-B981-3C9FF3C0D837}) (Version: 8.2.3678.0 - Atomix Productions)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Niko\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

==================== Loaded Modules (Whitelisted) ==============

2017-03-14 17:11 - 2017-03-04 00:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-27 15:50 - 2017-01-13 19:38 - 00401880 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-14 17:11 - 2017-03-04 00:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-17 11:06 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 17:10 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 17:11 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 17:11 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 17:11 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-14 17:11 - 2017-03-03 23:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-14 17:11 - 2017-03-03 23:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-14 17:12 - 2017-03-03 23:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-10 16:15 - 2017-04-10 16:16 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-10 16:15 - 2017-04-10 16:16 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-10 16:15 - 2017-04-10 16:16 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-10 16:15 - 2017-04-10 16:16 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-31 16:00 - 2017-03-31 15:58 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3760326077-2161983396-1685683110-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Niko\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{422d1117-eb33-414b-842d-61221aee5211}.jpeg
DNS Servers: 66.253.214.16 - 50.30.184.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C9B14C90-A421-4211-ABE2-AF5365462633}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD19AD7A-908D-456E-ADD3-6BC8501FF8AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{410F80A6-1E0E-4859-AB06-A5DC49DD399B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A1FC311-E5D3-41D7-801E-99BCBDA40353}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B7EE6B58-C3A7-4CA9-AAA3-D182BA34688E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CBD21F5F-92A5-4184-8E83-EEF5336A6925}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{849C93AC-600F-41AE-8737-B4B5B85501A4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA8CB3C0-B05B-49FA-989F-76A335AAC1E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F056AA0-F7D9-4BBD-92C9-86DEC620DE36}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B73354EF-EE1F-4722-93AE-90A7B780CD73}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{75DE1200-8671-40DB-B189-8F3836390E75}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9214F206-AE56-4745-881D-8C0AABB0A1CE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{74BEC697-B2FD-487D-BD6E-DA338D28199D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{802BB7A3-914B-43DB-B756-D9B91181908A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{9785B4C0-9F11-4B13-9576-14528CE35370}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{8C449B48-0F44-45FC-93A1-0F357800E800}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{9E2E7EBF-ABDE-481A-ADCA-F2D9E6EB81E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{9EABB041-C8F0-464C-B9FB-001B51CC2CB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{B0C4DB73-1944-44A7-BDC4-AFF8C4621712}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{CDFE733A-C868-4EA6-9BD1-11FD132723CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\HitmanBloodMoney.exe
FirewallRules: [{F2A22CCE-9C37-4AFA-BC7B-216DC188D0D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{C126C384-70BB-44B6-A554-0221ADF5F6AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Blood Money\configure.exe
FirewallRules: [{495015AB-EB2C-4EFE-8808-93BE2FF284F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{6002A541-D939-455D-A6E2-3BD471C82073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{5CC051DA-632A-4A32-B230-711DB4973B03}] => (Allow) C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{6542DADB-4DE7-43BE-9107-1D731D5FBCC4}] => (Allow) C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{4B50F7D9-CA46-4068-81D9-2CC3C79961B3}] => (Allow) C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{315FC269-5AF2-44B2-A228-D432E842FF83}] => (Allow) C:\Program Files (x86)\Mass Effect 2\MassEffect2Launcher.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/15/2017 03:15:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VOYAGER)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/15/2017 03:15:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VOYAGER)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/15/2017 03:02:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.47.13703.0, time stamp: 0x58dec9f9
Faulting module name: combase.dll, version: 10.0.14393.953, time stamp: 0x58ba5954
Exception code: 0xc0000005
Fault offset: 0x00000000000b071c
Faulting process id: 0x10b0
Faulting application start time: 0x01d2b633e33a46ec
Faulting application path: C:\WINDOWS\system32\MRT.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: e6c0263c-0256-4164-af28-bd00fc9abb9d
Faulting package full name:
Faulting package-relative application ID:

Error: (04/15/2017 02:54:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TESV.exe version 1.9.32.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1090

Start Time: 01d2b62bc02b945c

Termination Time: 14

Application Path: C:\Program Files (x86)\Steam\steamapps\common\Skyrim\TESV.exe

Report Id: edc9bd7d-2225-11e7-9113-9457a5ae2122

Faulting package full name:

Faulting package-relative application ID:

Error: (04/15/2017 11:23:09 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (04/15/2017 11:13:01 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (04/14/2017 09:57:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MassEffect2.exe, version: 1.0.1593.2, time stamp: 0x4b2845cd
Faulting module name: MassEffect2.exe, version: 1.0.1593.2, time stamp: 0x4b2845cd
Exception code: 0xc0000005
Fault offset: 0x005dc1b5
Faulting process id: 0x1530
Faulting application start time: 0x01d2b58f8ac5e4f7
Faulting application path: C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
Faulting module path: C:\Program Files (x86)\Mass Effect 2\Binaries\MassEffect2.exe
Report Id: bd38fd29-25cd-4857-8b76-f4832d5b9ba7
Faulting package full name:
Faulting package-relative application ID:

Error: (04/14/2017 07:21:52 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10600.150) TYPE: ERROR

DPTF Build Version:  8.1.10600.150
DPTF Build Date:  Jun 26 2015 11:46:12
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]

Error: (04/14/2017 05:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MRT.exe, version: 5.47.13703.0, time stamp: 0x58dec9f9
Faulting module name: combase.dll, version: 10.0.14393.953, time stamp: 0x58ba5954
Exception code: 0xc0000005
Fault offset: 0x00000000000b071c
Faulting process id: 0xa6c
Faulting application start time: 0x01d2b58252b7ab73
Faulting application path: C:\WINDOWS\system32\MRT.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 32c384db-6b9f-48d8-bf8c-e8bfd63f3bd4
Faulting package full name:
Faulting package-relative application ID:

Error: (04/14/2017 05:54:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (04/15/2017 03:23:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/15/2017 03:22:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/15/2017 03:22:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (04/15/2017 03:21:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/15/2017 03:20:46 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/15/2017 03:20:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/15/2017 03:20:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.

Error: (04/15/2017 03:20:26 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY)
Description: The password notification DLL C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files.  Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898.

Error: (04/15/2017 03:19:46 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (04/15/2017 03:20:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:16:56 PM on ‎4/‎15/‎2017 was unexpected.


CodeIntegrity:
===================================
  Date: 2017-04-12 00:39:41.738
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-07 19:22:11.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-05 15:28:41.833
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 8112.67 MB
Available physical RAM: 3611.5 MB
Total Virtual: 9392.67 MB
Available Virtual: 5508.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:900.98 GB) (Free:534.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:30.24 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (MassEffect2) (CDROM) (Total:2.68 GB) (Free:0 GB) UDF
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

 

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 (ATTENTION: ====> FRSTversion is 31 days old and could be outdated)
Ran by Niko (ATTENTION: The user is not administrator) on VOYAGER (15-04-2017 16:10:24)
Running from C:\Users\Niko\Downloads
Loaded Profiles: Niko & Administrator2 (Available Profiles: Niko & Administrator2 & Niko Guest Space & Administrator)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> igfxCUIService.exe
Failed to access process -> svchost.exe
Failed to access process -> RtkAudioService64.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> MBAMService.exe
Failed to access process -> esif_uf.exe
Failed to access process -> BtwRSupportService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SynTPEnhService.exe
Failed to access process -> svchost.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> MsMpEng.exe
Failed to access process -> dasHost.exe
Failed to access process -> svchost.exe
Failed to access process -> NisSrv.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> nvxdsync.exe
() C:\Windows\Temp\DPTF\esif_assist_64.exe
Failed to access process -> RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
Failed to access process -> SearchIndexer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
Failed to access process -> iPodService.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
Failed to access process -> OpenWith.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
Failed to access process -> MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
Failed to access process -> dllhost.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> svchost.exe
Failed to access process -> OpenWith.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> TiWorker.exe
Failed to access process -> SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2016-04-28] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKU\S-1-5-21-3760326077-2161983396-1685683110-1001\...\MountPoints2: {dd142995-165f-11e7-910d-806e6f6e6963} - "E:\autorun.exe" -auto
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 66.253.214.16 50.30.184.16
Tcpip\..\Interfaces\{2e7fae69-a295-405f-8de6-8363f33cbe1e}: [DhcpNameServer] 66.253.214.16 50.30.184.16
Tcpip\..\Interfaces\{5b74ec9e-3b4c-4056-9f05-4493211fa14d}: [DhcpNameServer] 66.253.214.16 50.30.184.16

Internet Explorer:
==================
URLSearchHook: [S-1-5-21-3760326077-2161983396-1685683110-1005] ATTENTION => Default URLSearchHook is missing

FireFox:
========
FF DefaultProfile: ywvag5qp.default
FF ProfilePath: C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\ywvag5qp.default [2017-04-15]
FF Extension: (AdBlock for Firefox) - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\ywvag5qp.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-04-01]
FF Extension: (Disable Prefetch) - C:\Users\Niko\AppData\Roaming\Mozilla\Firefox\Profiles\ywvag5qp.default\features\{c6096ade-559f-465a-b7e1-2c928c818218}\disable-prefetch@mozilla.org.xpi [2017-04-04]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\deployment-checker@mozilla.org.xpi [2017-03-23] [not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default [2017-04-15]
CHR Extension: (Google Docs) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-04]
CHR Extension: (Google Drive) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-04]
CHR Extension: (YouTube) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-04]
CHR Extension: (Adblock Plus) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-06]
CHR Extension: (Google Docs Offline) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-04]
CHR Extension: (Gmail) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2286848 2015-10-01] (Broadcom Corporation.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1385640 2016-04-18] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-01-13] (Intel Corporation)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2016-04-28] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-05] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208176 2015-10-01] (Broadcom Corporation.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [47096 2016-04-18] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [43512 2016-04-18] (Intel Corporation)
R3 dptf_pch; C:\WINDOWS\System32\drivers\dptf_pch.sys [41976 2016-04-18] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [251384 2016-04-18] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-03-24] ()
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation)
S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-03] (Intel Corporation)
S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-03] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-04-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92096 2017-04-15] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [827096 2015-03-22] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [391896 2015-03-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-04-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [79960 2016-10-05] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-15] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 16:10 - 2017-04-15 16:12 - 00013036 _____ C:\Users\Niko\Downloads\FRST.txt
2017-04-15 16:10 - 2017-04-15 16:10 - 02424832 _____ (Farbar) C:\Users\Niko\Downloads\FRST64.exe
2017-04-15 15:26 - 2017-04-15 15:26 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-04-15 15:26 - 2017-04-15 15:26 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-15 15:26 - 2017-04-15 15:26 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-15 15:26 - 2017-04-15 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-04-15 15:25 - 2017-04-15 15:26 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-15 15:24 - 2017-04-15 15:25 - 35207600 _____ (Adlice Software ) C:\Users\Niko\Downloads\setup.exe
2017-04-15 12:16 - 2017-04-15 13:51 - 00000000 ____D C:\Users\Niko\Documents\VirtualDJ
2017-04-15 12:16 - 2017-04-15 12:16 - 00001023 _____ C:\Users\Niko\Desktop\VirtualDJ 8.lnk
2017-04-15 12:16 - 2017-04-15 12:16 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2017-04-15 12:16 - 2017-04-15 12:16 - 00000000 ____D C:\Program Files (x86)\VirtualDJ
2017-04-15 12:10 - 2017-04-15 12:10 - 39305216 _____ C:\Users\Niko\Downloads\install_virtualdj_pc_v8.2.3678.msi
2017-04-14 18:13 - 2017-04-14 18:13 - 00001661 _____ C:\Users\Niko\Desktop\MassEffect2Launcher - Shortcut.lnk
2017-04-14 18:13 - 2017-04-14 18:13 - 00000000 ____D C:\Users\Niko\Documents\BioWare
2017-04-14 18:08 - 2017-04-14 18:08 - 00000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2017-04-14 18:08 - 2017-04-14 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-04-14 18:08 - 2017-04-14 18:08 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-04-14 17:39 - 2017-04-14 17:54 - 00000000 ____D C:\Program Files (x86)\Mass Effect 2
2017-04-10 17:00 - 2017-04-10 17:01 - 00000000 ____D C:\Users\Niko\Desktop\miqotenewbody
2017-04-10 11:32 - 2017-04-10 11:32 - 00001973 _____ C:\Users\Niko\Desktop\skse_loader - Shortcut.lnk
2017-04-10 11:25 - 2015-05-23 17:54 - 00000000 ____D C:\Users\Niko\Desktop\skse_1_07_03
2017-04-10 11:18 - 2017-04-10 11:18 - 00000221 _____ C:\Users\Niko\Desktop\The Elder Scrolls V Skyrim.url
2017-04-10 11:11 - 2017-04-10 11:11 - 00000931 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-04-10 11:11 - 2017-04-10 11:11 - 00000000 ____D C:\Users\Niko\AppData\Local\Black_Tree_Gaming
2017-04-10 11:11 - 2017-04-10 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-04-10 11:11 - 2017-04-10 11:11 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-04-10 11:05 - 2017-04-11 00:37 - 00000000 ____D C:\Users\Niko\AppData\Local\Skyrim
2017-04-10 10:59 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2017-04-10 10:59 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2017-04-10 10:59 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2017-04-10 10:59 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2017-04-10 10:59 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2017-04-10 10:59 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2017-04-10 10:59 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2017-04-10 10:59 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2017-04-10 10:59 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2017-04-10 10:59 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2017-04-10 10:59 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2017-04-10 10:59 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2017-04-10 10:59 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2017-04-10 10:58 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2017-04-10 10:58 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2017-04-10 10:58 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2017-04-10 10:58 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2017-04-10 10:58 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2017-04-10 10:58 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2017-04-10 10:58 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2017-04-10 10:58 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2017-04-10 10:58 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2017-04-10 10:58 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2017-04-10 10:58 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2017-04-10 10:58 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2017-04-10 10:58 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2017-04-10 10:58 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2017-04-10 10:58 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2017-04-10 10:58 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2017-04-10 10:58 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2017-04-10 10:58 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2017-04-10 10:58 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2017-04-10 10:58 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2017-04-10 10:58 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2017-04-10 10:58 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2017-04-10 10:58 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2017-04-10 10:58 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2017-04-10 10:58 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2017-04-10 10:58 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2017-04-10 10:58 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2017-04-10 10:58 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2017-04-10 10:58 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2017-04-10 10:58 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2017-04-10 10:58 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2017-04-10 10:58 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2017-04-10 10:58 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2017-04-10 10:58 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2017-04-10 10:58 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2017-04-10 10:58 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2017-04-10 10:58 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2017-04-10 10:58 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2017-04-10 10:58 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2017-04-10 10:58 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2017-04-10 10:58 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2017-04-10 10:58 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2017-04-10 10:58 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2017-04-10 10:58 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2017-04-10 10:58 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2017-04-10 10:58 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2017-04-10 10:58 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2017-04-10 10:58 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2017-04-10 10:58 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2017-04-10 10:58 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2017-04-10 10:58 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2017-04-10 10:58 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2017-04-10 10:58 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2017-04-10 10:58 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2017-04-10 10:58 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2017-04-10 10:58 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2017-04-10 10:58 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2017-04-10 10:58 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2017-04-10 10:58 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2017-04-10 10:58 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2017-04-10 10:58 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2017-04-10 10:58 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2017-04-10 10:58 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2017-04-10 10:58 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2017-04-10 10:58 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2017-04-10 10:58 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2017-04-10 10:58 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2017-04-10 10:58 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2017-04-10 10:58 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2017-04-10 10:58 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2017-04-10 10:58 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2017-04-10 10:58 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2017-04-10 10:58 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2017-04-10 10:58 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2017-04-10 10:58 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2017-04-10 10:58 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2017-04-10 10:58 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2017-04-10 10:58 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2017-04-10 10:58 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2017-04-10 10:58 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2017-04-10 10:58 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2017-04-10 10:58 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2017-04-10 10:58 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2017-04-10 10:58 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2017-04-10 10:58 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2017-04-10 10:58 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2017-04-10 10:58 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2017-04-10 10:58 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2017-04-10 10:58 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2017-04-10 10:58 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2017-04-10 10:58 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2017-04-10 10:58 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2017-04-10 10:58 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2017-04-10 10:58 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2017-04-10 10:58 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2017-04-10 10:58 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2017-04-10 10:58 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2017-04-10 10:58 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2017-04-10 10:58 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2017-04-10 10:58 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2017-04-10 10:58 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2017-04-10 10:58 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2017-04-10 10:58 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2017-04-10 10:58 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2017-04-10 10:58 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2017-04-10 10:58 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2017-04-10 10:58 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2017-04-10 10:58 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2017-04-10 10:58 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2017-04-10 10:58 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2017-04-10 10:58 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2017-04-10 10:58 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2017-04-10 10:58 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2017-04-10 10:58 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2017-04-10 10:58 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2017-04-10 10:58 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2017-04-10 10:58 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2017-04-10 10:58 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2017-04-10 10:58 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2017-04-10 10:57 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-04-10 10:57 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2017-04-10 10:57 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2017-04-10 10:57 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2017-04-10 10:57 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2017-04-10 10:57 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2017-04-10 10:57 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2017-04-10 10:57 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2017-04-10 10:57 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2017-04-10 10:57 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2017-04-10 10:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2017-04-10 10:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2017-04-10 10:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2017-04-10 10:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2017-04-10 10:57 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2017-04-10 10:57 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2017-04-10 10:57 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2017-04-10 10:57 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2017-04-08 21:27 - 2017-04-08 21:28 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Mount&Blade Warband
2017-04-08 21:27 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2017-04-08 21:27 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2017-04-08 21:27 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2017-04-08 21:27 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2017-04-08 20:43 - 2017-04-08 20:43 - 03323532 _____ C:\Users\Niko\Downloads\Altman_Vaudeville.pdf
2017-04-08 20:42 - 2017-04-08 20:47 - 185515082 _____ C:\Users\Niko\Downloads\9Star Films 1905 Catalogue copy.pdf
2017-04-08 20:42 - 2017-04-08 20:43 - 12898939 _____ C:\Users\Niko\Downloads\9AM&B The Mutoscope A Moneymaker 1898 copy.pdf
2017-04-08 20:42 - 2017-04-08 20:43 - 05206731 _____ C:\Users\Niko\Downloads\Abel, The French Rooster Rules the Roost.pdf
2017-04-08 20:42 - 2017-04-08 20:42 - 06067282 _____ C:\Users\Niko\Downloads\9Catalogue of New Films 1899.pdf
2017-04-08 20:42 - 2017-04-08 20:42 - 02146661 _____ C:\Users\Niko\Downloads\9Edison Films The Great Train Robbery.pdf
2017-04-08 20:42 - 2017-04-08 20:42 - 01607281 _____ C:\Users\Niko\Downloads\Gaudreault.pdf
2017-04-08 20:41 - 2017-04-08 20:46 - 154472986 _____ C:\Users\Niko\Downloads\The_Oxford_History_Of_World_Cinema.PDF
2017-04-08 20:41 - 2017-04-08 20:45 - 124268413 _____ C:\Users\Niko\Downloads\9AM&B Photocatlogue 1898, 1905 Vol 1 Nos 1-499 copy.pdf
2017-04-07 18:21 - 2017-04-07 18:26 - 00001749 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-04-07 18:21 - 2017-04-07 18:21 - 00000000 ____D C:\Riot Games
2017-04-07 18:21 - 2017-04-07 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-04-07 18:21 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2017-04-07 18:21 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2017-04-07 18:21 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-04-07 18:21 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-04-07 18:21 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-04-07 18:06 - 2017-04-07 18:21 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Riot Games
2017-04-07 18:05 - 2017-04-07 18:06 - 28411368 _____ (Riot Games) C:\Users\Niko\Downloads\LeagueofLegends_NA_Installer_2016_05_13.exe
2017-04-06 20:44 - 2017-04-06 20:44 - 01010545 _____ C:\Users\Niko\Downloads\taylor_cisgender-privilege.pdf
2017-04-06 20:35 - 2017-04-06 20:35 - 00107997 _____ C:\Users\Niko\Downloads\S Somerville Queer.pdf
2017-04-06 19:37 - 2017-04-06 19:37 - 00000000 ____D C:\Users\Niko\AppData\Local\Steam
2017-04-06 14:00 - 2017-04-06 14:00 - 00610697 _____ C:\Users\Niko\Downloads\1149275.pdf
2017-04-06 13:10 - 2017-04-06 13:10 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-04-04 16:49 - 2017-04-04 16:49 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-04 16:49 - 2017-04-04 16:49 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-04 16:48 - 2017-04-05 09:47 - 00000000 ____D C:\Users\Niko\AppData\Local\Google
2017-04-04 16:48 - 2017-04-04 16:49 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-04 16:48 - 2017-04-04 16:48 - 01129376 _____ (Google Inc.) C:\Users\Niko\Downloads\ChromeSetup.exe
2017-04-01 21:47 - 2017-04-01 21:47 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-04-01 21:43 - 2017-04-06 13:11 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Apple Computer
2017-04-01 21:43 - 2017-04-01 21:43 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-04-01 21:43 - 2017-04-01 21:43 - 00000000 ____D C:\Users\Niko\AppData\Local\Apple Computer
2017-04-01 21:43 - 2017-04-01 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-01 21:41 - 2017-04-01 21:43 - 00000000 ____D C:\Program Files\iTunes
2017-04-01 21:41 - 2017-04-01 21:41 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-04-01 21:41 - 2017-04-01 21:41 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-01 21:41 - 2017-04-01 21:41 - 00000000 ____D C:\Program Files\iPod
2017-04-01 21:41 - 2017-04-01 21:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-04-01 21:40 - 2017-04-01 21:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-01 21:40 - 2017-04-01 21:40 - 00000000 ____D C:\Program Files\Bonjour
2017-04-01 21:40 - 2017-04-01 21:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-04-01 21:39 - 2017-04-01 21:41 - 00000000 ____D C:\ProgramData\Apple
2017-04-01 21:32 - 2017-04-15 15:15 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-01 21:32 - 2017-04-01 21:32 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2017-04-01 21:32 - 2017-04-01 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-01 21:31 - 2017-04-01 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-04-01 21:31 - 2017-04-01 21:31 - 00000000 ____D C:\Program Files\7-Zip
2017-04-01 21:30 - 2017-04-15 15:21 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-01 21:30 - 2017-04-15 15:21 - 00092096 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-04-01 21:30 - 2017-04-15 15:21 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-04-01 21:30 - 2017-04-13 19:54 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-04-01 21:30 - 2017-04-01 21:30 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-04-01 21:30 - 2017-04-01 21:30 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-01 21:30 - 2017-04-01 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-04-01 21:30 - 2017-04-01 21:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 21:30 - 2017-04-01 21:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-01 21:30 - 2017-03-24 04:10 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-04-01 21:29 - 2017-04-01 21:33 - 05718872 _____ (Microsoft Corporation) C:\Users\Niko\Downloads\vcredist_x64.exe
2017-04-01 21:26 - 2017-04-01 21:32 - 01446792 _____ C:\Users\Niko\Downloads\SteamSetup.exe
2017-04-01 21:25 - 2017-04-01 21:26 - 01381582 _____ (Igor Pavlov) C:\Users\Niko\Downloads\7z1604-x64.exe
2017-04-01 21:24 - 2017-04-01 21:29 - 59272008 _____ (Malwarebytes ) C:\Users\Niko\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-01 21:21 - 2017-04-01 21:38 - 257659208 _____ (Apple Inc.) C:\Users\Niko\Downloads\iTunes64Setup.exe
2017-04-01 17:49 - 2017-04-01 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-04-01 17:49 - 2017-04-01 17:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 17:48 - 2017-04-01 17:48 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-04-01 17:46 - 2017-04-01 17:48 - 26157600 _____ C:\Users\Niko\Desktop\SeaToolsforWindowsSetup.exe
2017-04-01 15:30 - 2017-04-01 17:01 - 00000104 _____ C:\Users\Niko\Desktop\reply.txt
2017-04-01 15:24 - 2017-04-14 18:16 - 00000000 ____D C:\Users\Niko\AppData\Roaming\NVIDIA
2017-04-01 15:23 - 2017-04-01 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2017-04-01 15:23 - 2017-04-01 15:23 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2017-04-01 14:36 - 2017-04-01 14:39 - 05802211 _____ (Geeks3D ) C:\Users\Niko\Desktop\FurMark_1.18.2.0_Setup.exe
2017-04-01 14:20 - 2017-04-01 14:20 - 00055897 _____ C:\Users\Niko\Downloads\memtest86+-5.01.zip
2017-04-01 14:19 - 2017-04-01 14:33 - 00059523 _____ C:\Users\Niko\Desktop\memtest86+-5.01.iso.zip
2017-04-01 14:15 - 2017-04-15 16:08 - 00000000 ____D C:\Users\Niko\AppData\LocalLow\Mozilla
2017-04-01 14:13 - 2017-04-01 14:19 - 00000000 ____D C:\Users\Niko\AppData\Local\Mozilla
2017-04-01 14:13 - 2017-04-01 14:15 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Mozilla
2017-04-01 14:12 - 2017-04-01 14:12 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-01 14:12 - 2017-04-01 14:12 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-01 14:12 - 2017-04-01 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-01 14:12 - 2017-04-01 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-01 14:10 - 2017-04-01 14:10 - 00245416 _____ C:\Users\Niko\Downloads\Firefox Setup Stub 52.0.2.exe
2017-03-31 22:05 - 2017-04-07 17:52 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-31 22:03 - 2017-04-14 17:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-31 22:03 - 2017-04-14 17:50 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-31 21:29 - 2017-03-31 21:29 - 00000000 ____D C:\Users\Niko\AppData\Local\CEF
2017-03-31 21:28 - 2017-03-31 21:28 - 00000000 ____D C:\ProgramData\Riot Games
2017-03-31 20:21 - 2017-04-14 21:58 - 00000000 ____D C:\Users\Niko\AppData\Local\CrashDumps
2017-03-31 20:15 - 2017-03-31 20:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-31 20:15 - 2017-03-31 20:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-31 20:15 - 2017-02-06 04:07 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-03-31 20:15 - 2016-09-09 11:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-03-31 20:15 - 2016-09-09 11:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-03-31 20:15 - 2016-09-09 11:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-03-31 20:15 - 2016-09-09 11:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-03-31 19:56 - 2017-03-31 19:56 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Skype
2017-03-31 19:45 - 2017-03-31 19:45 - 00000000 ____D C:\Users\Niko\AppData\Local\MicrosoftEdge
2017-03-31 18:34 - 2017-03-31 18:34 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Macromedia
2017-03-31 18:33 - 2017-04-08 01:54 - 00002364 _____ C:\Users\Niko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-31 18:32 - 2017-03-31 18:32 - 00000000 ____D C:\Users\Niko\AppData\Local\Comms
2017-03-31 18:32 - 2017-03-31 18:32 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-03-31 18:31 - 2017-03-31 18:31 - 00000000 ____D C:\Users\Niko\AppData\Local\Publishers
2017-03-31 18:30 - 2017-04-10 11:51 - 00000000 ____D C:\Users\Niko\AppData\Local\Packages
2017-03-31 18:30 - 2017-04-01 15:23 - 00000000 ____D C:\Users\Niko\AppData\Local\VirtualStore
2017-03-31 18:30 - 2017-03-31 19:16 - 00000000 ____D C:\Users\Niko\AppData\Local\ConnectedDevicesPlatform
2017-03-31 18:30 - 2017-03-31 18:30 - 00000020 ___SH C:\Users\Niko\ntuser.ini
2017-03-31 18:30 - 2017-03-31 18:30 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Synaptics
2017-03-31 18:30 - 2017-03-31 18:30 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Adobe
2017-03-31 18:30 - 2017-03-31 18:30 - 00000000 ____D C:\Users\Niko\AppData\Local\TileDataLayer
2017-03-31 18:30 - 2017-03-31 18:30 - 00000000 ____D C:\ProgramData\Synaptics
2017-03-31 16:16 - 2017-03-31 16:16 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-03-31 16:16 - 2017-03-31 15:47 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-31 16:15 - 2017-04-08 21:13 - 00000000 ____D C:\Windows.old
2017-03-31 16:14 - 2017-03-31 15:19 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-03-31 16:12 - 2017-03-31 16:12 - 00000000 ____D C:\Program Files\Synaptics
2017-03-31 16:12 - 2017-03-31 16:12 - 00000000 ____D C:\Program Files (x86)\HP
2017-03-31 16:11 - 2017-03-31 16:11 - 00000000 ____D C:\WINDOWS\Setup
2017-03-31 16:07 - 2017-03-31 16:07 - 00000000 ____D C:\WINDOWS\OCR
2017-03-31 16:07 - 2017-03-31 16:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-31 16:07 - 2017-03-31 16:07 - 00000000 ____D C:\Program Files\MSBuild
2017-03-31 16:07 - 2017-03-31 16:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-03-31 16:07 - 2017-03-31 16:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\0409
2017-03-31 16:06 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-03-31 16:02 - 2017-04-01 11:52 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-31 16:02 - 2017-04-01 11:52 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-31 16:00 - 2017-04-15 16:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-03-31 16:00 - 2017-04-15 15:21 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-31 16:00 - 2017-04-15 12:05 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-31 16:00 - 2017-04-05 15:33 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-31 16:00 - 2017-04-01 21:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-31 16:00 - 2017-04-01 14:11 - 00000000 ____D C:\WINDOWS\appcompat
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-31 16:00 - 2017-03-31 22:51 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\WINDOWS\Provisioning
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-31 16:00 - 2017-03-31 22:50 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-31 16:00 - 2017-03-31 22:48 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-03-31 16:00 - 2017-03-31 16:07 - 00000000 ____D C:\WINDOWS\SystemApps
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\system32\Com
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ____D C:\WINDOWS\IME
2017-03-31 16:00 - 2017-03-31 16:06 - 00000000 ____D C:\Program Files\Common Files\System
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 __RSD C:\WINDOWS\Media
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Web
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Vss
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\tracing
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\TAPI
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SystemResources
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\winevt
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\spool
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\ras
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\IME
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\icsxml
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\ias
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\downlevel
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\DDFs
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\System
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SKB
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\security
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\schemas
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\SchCache
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Resources
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\RemotePackages
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Registration
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\PLA
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Performance
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\InputMethod
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Globalization
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Cursors
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\Branding
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\addins
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\ProgramData\Comms
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\Program Files\Windows NT
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\Program Files\Common Files\Services
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-03-31 16:00 - 2017-03-31 16:00 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-03-31 16:00 - 2017-03-31 15:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-03-31 16:00 - 2017-03-31 15:58 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-03-31 16:00 - 2017-03-31 15:58 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2017-03-31 16:00 - 2017-03-31 15:58 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-03-31 16:00 - 2017-03-31 15:58 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-03-31 16:00 - 2017-03-31 15:58 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-03-31 16:00 - 2017-03-31 15:58 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-03-31 16:00 - 2017-03-31 15:58 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-03-31 16:00 - 2017-03-31 15:58 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-03-31 16:00 - 2017-03-31 15:58 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-03-31 16:00 - 2017-03-31 15:58 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-03-31 16:00 - 2017-03-31 15:58 - 00000219 _____ C:\WINDOWS\system.ini
2017-03-31 16:00 - 2017-03-31 15:58 - 00000092 _____ C:\WINDOWS\win.ini
2017-03-31 16:00 - 2017-03-31 15:50 - 00000000 ____D C:\WINDOWS\rescache
2017-03-31 16:00 - 2017-03-31 15:45 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-31 16:00 - 2017-03-31 15:45 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-03-31 16:00 - 2017-03-31 15:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-31 16:00 - 2017-03-31 15:37 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-03-31 16:00 - 2017-03-31 15:36 - 00000000 ____D C:\WINDOWS\CSC
2017-03-31 16:00 - 2017-03-31 15:30 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-03-31 16:00 - 2017-03-31 15:28 - 00000000 ____D C:\WINDOWS\Help
2017-03-31 16:00 - 2017-03-31 15:21 - 00000000 ____D C:\ProgramData\USOPrivate
2017-03-31 16:00 - 2017-01-13 19:38 - 00103936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-03-31 15:59 - 2017-04-07 18:02 - 00000000 ____D C:\WINDOWS\INF
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\Default User
2017-03-31 15:47 - 2017-03-31 15:47 - 00000000 _SHDL C:\Users\All Users
2017-03-31 15:45 - 2017-04-15 16:07 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-31 15:45 - 2017-03-31 15:45 - 00018912 _____ C:\Users\Niko\Desktop\Removed Apps.html
2017-03-31 15:42 - 2017-04-13 19:57 - 01074616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-31 15:37 - 2017-03-31 22:50 - 00000000 ____D C:\WINDOWS\servicing
2017-03-31 15:37 - 2017-03-31 16:00 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-03-31 15:35 - 2017-04-15 15:15 - 00000000 ____D C:\Users\Niko
2017-03-31 15:35 - 2017-04-01 21:32 - 00000000 ___HD C:\$SysReset
2017-03-31 15:35 - 2017-04-01 15:19 - 00000000 ____D C:\Users\Administrator2
2017-03-31 15:35 - 2017-04-01 14:10 - 00000000 ____D C:\Users\Administrator
2017-03-31 15:35 - 2017-03-31 15:44 - 00000000 ____D C:\Users\Niko Guest Space
2017-03-31 15:35 - 2017-03-31 15:44 - 00000000 ____D C:\Users\DefaultAppPool
2017-03-31 15:35 - 2017-03-31 15:35 - 00000000 _SHDL C:\Users\Niko\My Documents
2017-03-31 15:35 - 2017-03-31 15:35 - 00000000 _SHDL C:\Users\Niko\Documents\My Videos
2017-03-31 15:35 - 2017-03-31 15:35 - 00000000 _SHDL C:\Users\Niko\Documents\My Pictures
2017-03-31 15:35 - 2017-03-31 15:35 - 00000000 _SHDL C:\Users\Niko\Documents\My Music
2017-03-31 15:28 - 2017-04-15 15:20 - 00000000 ____D C:\ProgramData\Validity
2017-03-31 15:28 - 2017-04-15 15:20 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-31 15:28 - 2017-03-31 15:28 - 00014568 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-03-31 15:28 - 2017-03-31 15:28 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-03-31 15:28 - 2017-03-31 15:28 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-03-31 15:28 - 2017-03-31 15:28 - 00000000 ____D C:\ProgramData\SRS Labs
2017-03-31 15:28 - 2017-03-31 15:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-31 15:28 - 2017-03-31 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-03-31 15:28 - 2017-03-31 15:28 - 00000000 ____D C:\Program Files\Realtek
2017-03-31 15:28 - 2017-02-06 04:37 - 06384576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-03-31 15:28 - 2017-02-06 04:37 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-03-31 15:28 - 2017-02-06 04:37 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-03-31 15:28 - 2017-02-06 04:37 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-03-31 15:28 - 2017-02-06 04:37 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-03-31 15:28 - 2017-02-06 04:37 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-03-31 15:28 - 2017-02-06 04:37 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-03-31 15:28 - 2017-02-02 22:11 - 07774507 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-03-31 15:27 - 2017-04-15 15:23 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-31 15:27 - 2017-03-31 20:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-31 15:27 - 2017-03-31 20:05 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-31 15:27 - 2017-03-31 15:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-03-31 15:27 - 2017-03-31 15:27 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-03-31 15:27 - 2017-01-13 19:38 - 00099840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-03-31 15:26 - 2017-03-31 20:05 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-31 15:26 - 2017-03-31 15:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-03-31 15:26 - 2017-03-31 15:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-03-31 15:26 - 2017-03-31 15:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-03-31 15:26 - 2017-03-31 15:26 - 00000000 ____D C:\Program Files\Intel
2017-03-31 15:22 - 2017-03-04 00:09 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-31 15:21 - 2017-03-31 15:21 - 00000000 ____D C:\ProgramData\USOShared
2017-03-31 15:20 - 2017-04-15 15:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-31 15:19 - 2017-04-15 16:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-31 15:19 - 2017-03-31 23:04 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-29 18:01 - 2017-03-29 18:02 - 00017538 _____ C:\VEW.txt
2017-03-28 16:12 - 2017-03-28 16:12 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-28 10:19 - 2017-03-28 10:19 - 00000000 ____D C:\RegBackup
2017-03-26 18:57 - 2017-04-15 16:10 - 00000000 ____D C:\FRST
2017-03-26 17:52 - 2017-03-26 17:52 - 15701641 _____ C:\Users\Niko\Downloads\sdthroa and lol mod of it.7z
2017-03-25 13:28 - 2017-03-27 11:32 - 00000000 ____D C:\AdwCleaner
2017-03-24 16:48 - 2017-03-24 16:49 - 07099104 _____ C:\Users\Niko Guest Space\Downloads\20170324-011-IPS_IU_SEP.jdb
2017-03-24 16:44 - 2017-03-24 16:47 - 168775896 _____ C:\Users\Niko Guest Space\Downloads\20170324-003-v5i64.exe
2017-03-24 16:37 - 2017-03-24 16:39 - 167245704 _____ C:\Users\Niko Guest Space\Downloads\20170324-003-v5i32.exe
2017-03-24 16:37 - 2017-03-24 16:38 - 06207224 _____ C:\Users\Niko Guest Space\Downloads\20170324-011-IPS_IU_SEP.exe
2017-03-24 02:53 - 2017-03-24 02:54 - 635337260 _____ C:\Users\Niko\Downloads\The Shower Hour S2 Episode 20 March 24 2017.wav
2017-03-22 22:18 - 2017-04-07 18:07 - 00000000 ____D C:\Users\Niko\Desktop\Moduntandblade mods
2017-03-20 16:51 - 2017-03-20 16:51 - 00040242 _____ C:\Users\Niko\Downloads\17 - 1.webp
2017-03-19 16:25 - 2017-03-19 16:25 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-03-19 15:53 - 2017-04-15 11:59 - 00000590 _____ C:\Users\Niko\Desktop\docsn.txt
2017-03-17 11:42 - 2017-03-17 11:42 - 00043310 _____ C:\Users\Niko\Downloads\SINQ ePort Template Spr17 copy.html
2017-03-17 11:42 - 2017-03-17 11:42 - 00000000 ____D C:\Users\Niko\Downloads\SINQ ePort Template Spr17 copy_files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 15:23 - 2015-08-25 17:25 - 00000000 __SHD C:\Users\Niko\IntelGraphicsProfiles
2017-04-15 13:53 - 2017-02-07 09:30 - 00000000 ____D C:\Users\Niko\Desktop\mods
2017-04-08 01:54 - 2016-07-04 11:32 - 00000000 ___RD C:\Users\Niko\OneDrive
2017-04-04 16:54 - 2015-11-25 17:34 - 00000000 ____D C:\Users\Niko\AppData\LocalLow\Temp
2017-04-01 17:45 - 2015-11-10 16:22 - 00000000 ____D C:\Users\Niko\Desktop\PSU
2017-04-01 15:05 - 2016-04-26 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-31 22:44 - 2016-05-27 11:06 - 00000000 ____D C:\Users\Niko\Downloads\sdthroa and lol mod of it
2017-03-31 21:21 - 2015-08-27 19:17 - 00000000 ____D C:\Users\Niko\Documents\Mount&Blade Warband Savegames
2017-03-31 15:53 - 2016-07-15 23:04 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-03-31 15:50 - 2016-07-15 23:04 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-03-28 11:00 - 2015-09-14 18:44 - 00000000 ____D C:\Users\Niko\Documents\Enter the Wu-Tang (36 Chambers)
2017-03-24 17:32 - 2016-04-18 14:49 - 00000000 ____D C:\NPE
2017-03-24 17:27 - 2016-07-04 11:31 - 00000000 ____D C:\Users\Niko\Documents\Youcam
2017-03-20 12:24 - 2016-11-03 14:47 - 00000000 ____D C:\Users\Niko\Documents\Sound recordings
2017-03-19 16:25 - 2016-06-02 13:35 - 00000000 ____D C:\Users\Niko\Documents\My Games
2017-03-19 16:18 - 2013-07-09 12:05 - 00000000 ____D C:\Users\Niko\Documents\half life 2 save

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

 

 

Thank you Kevin. Let me know if you want these logs from administrator in safe mode instead.

Edited by Jwinebago382
Link to post
Share on other sites

The entries in RogueKiller log are not malicious, they are safe...

Have you ran MemTest yet to check the RAM...?

I do not believe your system is infected, logs are clean and you have used System Refresh; that is reinstalling your OS. Run GMER scan, lets see if that finds anything malicious or infected....

Please download Gmer from Here by clicking on the "Download EXE" Button.
 
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    Sections
    IAT/EAT
    Show All
    ( should be unchecked by default )
     
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.


Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

**If GMER crashes** Follow the instructions here and disable your security temporarily…
Link to post
Share on other sites

I will get right on both your suggestions, I bought a USB today with the intention of doing the memtest. Problem is when I tried to get into my admin account, it was a blacks screen so I panicked and did the roguekiller scan instead. But yeah I can't use or interact with my admin account at all, but I suppose I won't know for sure without doing the GMER scan. I will do the memtest tonight too.

Link to post
Share on other sites

Got 'em, the memtest said it found 0 errors.

ark.txt

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-04-16 02:14:19
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000038 WDC_WD10JPVX-60JC3T0 rev.01.01A01 931.51GB
Running: q0jtwuu5.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fwldypoc.sys


---- Threads - GMER 2.2 ----

Thread  C:\WINDOWS\system32\csrss.exe [576:640]                                                                                                                                 fffff44197136c20

---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions                                                                                                                 NOEXECUTE=OPTIN
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MSBDD_CMN15CA0_27_07DE_48_1414_008D_FFFFFFFF_FFFFFFFF_0^213AFC9225672D6335569145637D715A@Timestamp  0x72 0x5B 0x5D 0xA2 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                                        736
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber                                                                                      1937689
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                                                       -459666550
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId                                                                       13
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime                                                                     501978481
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                                                    4970
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime                                                                                                  3345
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                                        28e253a6-24b5-4241-abf9-0e42a76
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\amdsbs\Parameters\Device-1@RaidCount                                                                                             1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\d85de2a76c22                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group                                                                                                              FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge                                                                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop                                                                                        0
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media                                    
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@TotalBytes                         0x00 0x00 0x79 0xAB ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@FreeBytes                          0x00 0x00 0x00 0x00 ...
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@Blank Disc                         0
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@Can Close                          0
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@Media Type                         16
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@Imapi Media State                  40960
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@IsImapiDataBurnSupported           0
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@IsImapiEraseSupported              0
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@Live FS                            0
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@Disc Label                         MassEffect2
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{dd142995-165f-11e7-910d-806e6f6e6963}\Current Media@Set                                1
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{872f8dc8-dde4-43bd-ac7a-e3d9fe86ceac}                                                      
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{872f8dc8-dde4-43bd-ac7a-e3d9fe86ceac}@AutoStart                                            
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown                                                                                          1
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017040120170402                                                    
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017040120170402@CachePrefix                                        :2017040120170402: 
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017040120170402@CachePath                                          C:\Users\Administrator2\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017040120170402
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017040120170402@CacheRelativePath                                  Microsoft\Windows\History\History.IE5\MSHist012017040120170402
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017040120170402@CacheOptions                                       11
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017040120170402@CacheRepair                                        0
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012017040120170402@CacheLimit                                         1
Reg     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\SystemReset@SystemResetAttempts                                                                                          3

---- EOF - GMER 2.2 ----
 

Link to post
Share on other sites

Thanks for that log, I`ve attached "fixme.zip" to this reply, Download and unzip to your Desktop so you have fixme.bat Right click on fixme.bat and select "Run as Administrator" re-boot when complete...

Next,

Run Defender Offline Scan, use Option Three from the following link: https://www.tenforums.com/tutorials/42305-windows-defender-offline-scan-windows-10-a.html

 

fixme.zip

Edited by kevinf80
Link to post
Share on other sites

Two problems,

I still can't access my admin account in normal mode, all i get is a black screen but i can still move the mouse cursor around and use ctrl+alt+del. In safe mode, I can access my admi account. However, when i go to setting and click on 'update&security' the window closes itself every time. Therefore i have no way to use the 'scan offline' function on my laptop. What else could do this except a virus? I did do the bat file like you asked me to, i couldnt tell when it was finished working though so i waited a couple minutes before hitting 'restart.' Do i have another course of action? Thank you.

Link to post
Share on other sites

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Next,

Boot your PC and let it go as far as it can, Now hold down the Shift key and re- boot your PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot" from the next window select "Advance Options" from there select "Command Prompt" ensure to plug the flash drive into an open USB port...

Continue with the following:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Thanks,

Kevin...
Link to post
Share on other sites

Hi Kevin,

I got more problems, and it is rather weird. So i plugged in the usb in the g:\ slot, got frst64 on it, but i noticed my computer had two g:\, one of which under 'This PC' and another under nothing at all. When i pull out the usb, both g:\ disappeared. So i ignored this but made a note of it, continued to shift and reboot from a fresh boot. But when i go to notepad from command prompt, and at this point i put the usb back into the laptop but in a different slot, notepad only shows a usb in h:\ and a cd slot for g:\, both of which shouldnt be there. And the 'open' tab on notepad also doesnt show the current usb in any new slot even after multiple attempts in different slots. So i gave up trying to activate frst64 from a usb, since it apparently cant even be recognized by my laptop. Anything else we can try?

Link to post
Share on other sites

Well that's the thing, I tried to find the usb in the 'open' tab of notepad from the command prompt. It only shows the usb slot h:\, but when i type into the command prompt h:\frst64, it gives the message "this does not exist as an internal or external command." Then i rebooted in a different slot for the usb, but it only shows h:\ for the usb in the 'open' tab of notepad from the command prompt. So i have no way to use frst64 from a usb because the laptop doesnt recognize it. Even if i leave the usb out of the laptop after the shift+reboot, the 'open' tab of notepad from the command prompt still shows a usb in h:\, which isnt the case.

Link to post
Share on other sites

Thanks for the update, what you describe seems to suggest the USB devices maybe turned off in recovery environment mode... OK try the following:

Please download Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit...

Next,

Boot your PC and let it go as far as it can, Now hold down the Shift key and re- boot your PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot" from the next window select "Advance Options" from there select "Command Prompt" ensure to plug the flash drive into an open USB port...

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in regedit and press Enter.
  • The registry editor opens.
  • Expand the following key Hkey_Local_Machine\System\ControlSet001\Services\USBStor
  • Double click direct on USBStor
  • Look to the right pane you will see the entry "start" its value should be 3 if USB is enabled.
  • If the value is different "Right" click on "start" and select "modify"
  • In the new box change value to 3, select ok and close out regedit


Next,

You should now be back to Command Prompt.... Continue please:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



Thanks,

Kevin...
Link to post
Share on other sites

Hi,

So the usbstor 'start' value was already at 3 when i found it. Still cant activate frst by typing the command h:\frst64, still gives the 'cannot execute because its not an internal or external' thing. What i can do is from the 'open' tab of notepad is go to the usb and select 'run as administrator.' I didnt run the scan, but i clicked 'run as administrator' and frst64 popped up shortly after. I didnt run the scan though because I wanted to check with you if taking this different course was a good idea or not. But yeah, the command prompt still cant find the usb even though it pops up within the 'open' tab of notepad.

Thank you for your time.

Link to post
Share on other sites

Okay I got you, I didn't know if it would be less accurate or something weird. Here's the log:

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-04-2017
Ran by SYSTEM on MININT-C3737I4 (17-04-2017 11:56:02)
Running from H:\
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-27] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2016-04-28] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-01] (Broadcom Corporation.)
S2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1385640 2016-04-18] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373720 2017-01-13] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2016-04-28] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-04] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-27] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-01] (Broadcom Corporation.)
S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [47096 2016-04-18] (Intel Corporation)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2016-04-18] (Intel Corporation)
S3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [41976 2016-04-18] (Intel Corporation)
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2016-04-18] (Intel Corporation)
S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-04-16] ()
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-02] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-02] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-02] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-02] (Intel Corporation)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-01] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-04-16] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-03-22] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [391896 2015-03-22] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-04-28] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [79960 2016-10-04] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-17 01:16 - 2017-04-17 11:54 - 00000000 _____ C:\Recovery.txt
2017-04-17 00:03 - 2017-04-17 00:03 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-16 19:32 - 2017-04-16 19:32 - 03714522 _____ C:\Users\Niko\Downloads\Stryker Transgender Hist002.pdf
2017-04-16 19:32 - 2017-04-16 19:32 - 01478432 _____ C:\Users\Niko\Downloads\CAinsworth.pdf
2017-04-16 17:27 - 2017-04-16 17:27 - 00000203 _____ C:\Users\Niko\Downloads\fixme.zip
2017-04-16 17:27 - 2017-04-16 17:27 - 00000203 _____ C:\Users\Niko\Desktop\fixme.zip
2017-04-16 17:27 - 2017-04-16 17:27 - 00000000 ____D C:\Users\Niko\Desktop\fixme
2017-04-16 01:17 - 2017-04-16 01:17 - 00000000 ____D C:\Users\Administrator2\Documents\BioWare
2017-04-16 01:14 - 2017-04-16 01:15 - 00000000 ____D C:\Users\Administrator2\Desktop\memtest
2017-04-16 01:14 - 2017-04-16 01:14 - 00007892 _____ C:\Users\Administrator2\Desktop\ark'.txt
2017-04-16 01:06 - 2017-04-16 00:35 - 00380928 _____ C:\Users\Administrator2\Desktop\q0jtwuu5.exe
2017-04-16 01:05 - 2017-04-16 00:37 - 07012007 _____ C:\Users\Administrator2\Desktop\memtest86-usb.zip
2017-04-16 00:49 - 2017-04-16 00:49 - 00007816 _____ C:\Users\Administrator2\Desktop\ark4.txt
2017-04-16 00:37 - 2017-04-16 00:37 - 07012007 _____ C:\Users\Niko\Desktop\memtest86-usb.zip
2017-04-16 00:35 - 2017-04-16 00:35 - 00380928 _____ C:\Users\Niko\Desktop\q0jtwuu5.exe
2017-04-15 15:28 - 2017-04-16 18:10 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-15 15:13 - 2017-04-15 15:15 - 00025317 _____ C:\Users\Niko\Downloads\Addition.txt
2017-04-15 15:10 - 2017-04-15 15:15 - 00069621 _____ C:\Users\Niko\Downloads\FRST.txt
2017-04-15 15:10 - 2017-04-15 15:10 - 02424832 _____ (Farbar) C:\Users\Niko\Downloads\FRST64.exe
2017-04-15 14:26 - 2017-04-15 15:18 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-15 14:26 - 2017-04-15 14:26 - 00028272 _____ C:\Windows\System32\Drivers\TrueSight.sys
2017-04-15 14:26 - 2017-04-15 14:26 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-04-15 14:25 - 2017-04-15 14:26 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-15 14:24 - 2017-04-15 14:25 - 35207600 _____ (Adlice Software ) C:\Users\Niko\Downloads\setup.exe
2017-04-15 14:18 - 2017-04-15 14:18 - 00000000 ____D C:\Users\Administrator2\AppData\Local\Google
2017-04-15 11:16 - 2017-04-15 12:51 - 00000000 ____D C:\Users\Niko\Documents\VirtualDJ
2017-04-15 11:16 - 2017-04-15 11:16 - 00001023 _____ C:\Users\Niko\Desktop\VirtualDJ 8.lnk
2017-04-15 11:16 - 2017-04-15 11:16 - 00000000 ____D C:\Program Files (x86)\VirtualDJ
2017-04-15 11:10 - 2017-04-15 11:10 - 39305216 _____ C:\Users\Niko\Downloads\install_virtualdj_pc_v8.2.3678.msi
2017-04-14 17:13 - 2017-04-14 17:13 - 00001661 _____ C:\Users\Niko\Desktop\MassEffect2Launcher - Shortcut.lnk
2017-04-14 17:13 - 2017-04-14 17:13 - 00000000 ____D C:\Users\Niko\Documents\BioWare
2017-04-14 17:08 - 2017-04-14 17:08 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2017-04-14 17:08 - 2017-04-14 17:08 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-04-14 16:39 - 2017-04-14 16:54 - 00000000 ____D C:\Program Files (x86)\Mass Effect 2
2017-04-13 17:54 - 2017-03-27 23:10 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-04-13 17:54 - 2017-03-27 23:10 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-13 17:54 - 2017-03-27 22:21 - 00167848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2017-04-13 17:54 - 2017-03-27 22:19 - 00601712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-04-13 17:54 - 2017-03-27 22:15 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-04-13 17:54 - 2017-03-27 22:07 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-13 17:54 - 2017-03-27 22:05 - 01504056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-04-13 17:54 - 2017-03-27 22:04 - 05721808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-04-13 17:54 - 2017-03-27 22:04 - 02262776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-13 17:54 - 2017-03-27 22:04 - 01431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-13 17:54 - 2017-03-27 22:04 - 00975744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2017-04-13 17:54 - 2017-03-27 22:04 - 00861024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2017-04-13 17:54 - 2017-03-27 22:04 - 00277344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2017-04-13 17:54 - 2017-03-27 22:04 - 00136032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostUser.dll
2017-04-13 17:54 - 2017-03-27 22:04 - 00116568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-04-13 17:54 - 2017-03-27 22:02 - 01980768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-04-13 17:54 - 2017-03-27 22:02 - 00846560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-04-13 17:54 - 2017-03-27 22:02 - 00576408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-04-13 17:54 - 2017-03-27 21:59 - 06667520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-13 17:54 - 2017-03-27 21:59 - 04023008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 01851688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 01344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 01277856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 01202936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 00981888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-04-13 17:54 - 2017-03-27 21:58 - 00961192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-13 17:54 - 2017-03-27 21:53 - 01414728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-04-13 17:54 - 2017-03-27 21:53 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-04-13 17:54 - 2017-03-27 21:52 - 00306800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2017-04-13 17:54 - 2017-03-27 21:48 - 05685760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-04-13 17:54 - 2017-03-27 21:42 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-04-13 17:54 - 2017-03-27 21:37 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys
2017-04-13 17:54 - 2017-03-27 21:36 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-13 17:54 - 2017-03-27 21:35 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2017-04-13 17:54 - 2017-03-27 21:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-13 17:54 - 2017-03-27 21:33 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-04-13 17:54 - 2017-03-27 21:32 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-13 17:54 - 2017-03-27 21:32 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2017-04-13 17:54 - 2017-03-27 21:32 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 17:54 - 2017-03-27 21:30 - 00819200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2017-04-13 17:54 - 2017-03-27 21:30 - 00075264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-04-13 17:54 - 2017-03-27 21:28 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-13 17:54 - 2017-03-27 21:25 - 02333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-04-13 17:54 - 2017-03-27 21:25 - 00653312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2017-04-13 17:54 - 2017-03-27 21:24 - 04614656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-04-13 17:54 - 2017-03-27 21:24 - 00901120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-13 17:54 - 2017-03-27 21:24 - 00675840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2017-04-13 17:54 - 2017-03-27 21:23 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-04-13 17:54 - 2017-03-27 21:23 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2017-04-13 17:54 - 2017-03-27 21:22 - 00516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2017-04-13 17:54 - 2017-03-27 21:22 - 00355328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTMediaFrame.dll
2017-04-13 17:54 - 2017-03-27 21:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Editing.dll
2017-04-13 17:54 - 2017-03-27 21:20 - 03307008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2017-04-13 17:54 - 2017-03-27 21:20 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiver.dll
2017-04-13 17:54 - 2017-03-27 21:19 - 00746496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2017-04-13 17:54 - 2017-03-27 21:17 - 06109696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2017-04-13 17:54 - 2017-03-27 21:17 - 00895488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2017-04-13 17:54 - 2017-03-27 21:16 - 03198464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2017-04-13 17:54 - 2017-03-27 21:16 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-04-13 17:54 - 2017-03-27 21:14 - 07468544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-04-13 17:54 - 2017-03-27 21:14 - 00641024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-04-13 17:54 - 2017-03-27 21:14 - 00400384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2017-04-13 17:54 - 2017-03-27 21:13 - 02138112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2017-04-13 17:54 - 2017-03-27 21:13 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-13 17:54 - 2017-03-27 21:13 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2017-04-13 17:54 - 2017-03-27 21:13 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 01004544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 00862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 00827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 00691200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 00654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2017-04-13 17:54 - 2017-03-27 21:12 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-13 17:54 - 2017-03-27 21:11 - 02994176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-04-13 17:54 - 2017-03-27 21:11 - 02646528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-04-13 17:54 - 2017-03-27 21:11 - 01600000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-13 17:54 - 2017-03-27 21:11 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-13 17:54 - 2017-03-27 21:10 - 02483200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-13 17:54 - 2017-03-27 21:09 - 03106304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-04-13 17:54 - 2017-03-27 21:08 - 01564160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-13 17:54 - 2017-03-27 21:08 - 00783360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2017-04-13 17:54 - 2017-03-15 20:38 - 00034088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CompPkgSup.dll
2017-04-13 17:53 - 2017-03-27 22:32 - 00198856 _____ (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2017-04-13 17:53 - 2017-03-27 22:29 - 02213248 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2017-04-13 17:53 - 2017-03-27 22:28 - 00773720 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2017-04-13 17:53 - 2017-03-27 22:26 - 00218520 _____ (Microsoft Corporation) C:\Windows\System32\LsaIso.exe
2017-04-13 17:53 - 2017-03-27 22:20 - 01181024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2017-04-13 17:53 - 2017-03-27 22:18 - 01705976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-13 17:53 - 2017-03-27 22:11 - 01860288 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
2017-04-13 17:53 - 2017-03-27 22:11 - 00360040 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
2017-04-13 17:53 - 2017-03-27 22:10 - 07220184 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2017-04-13 17:53 - 2017-03-27 22:10 - 01293152 _____ (Microsoft Corporation) C:\Windows\System32\LicenseManager.dll
2017-04-13 17:53 - 2017-03-27 22:09 - 00097128 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-13 17:53 - 2017-03-27 22:06 - 00092512 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 22221368 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 08168512 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 04260576 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 01988048 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 01848584 _____ (Microsoft Corporation) C:\Windows\System32\mfsrcsnk.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 01702392 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 01302136 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll
2017-04-13 17:53 - 2017-03-27 22:05 - 01072248 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2017-04-13 17:53 - 2017-03-27 21:59 - 02533728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2017-04-13 17:53 - 2017-03-27 21:58 - 00387872 _____ (Microsoft Corporation) C:\Windows\System32\wmpps.dll
2017-04-13 17:53 - 2017-03-27 21:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-04-13 17:53 - 2017-03-27 21:41 - 00415744 _____ (Microsoft Corporation) C:\Windows\System32\rdpshell.exe
2017-04-13 17:53 - 2017-03-27 21:41 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2017-04-13 17:53 - 2017-03-27 21:40 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-04-13 17:53 - 2017-03-27 21:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthManagerProxy.dll
2017-04-13 17:53 - 2017-03-27 21:40 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-13 17:53 - 2017-03-27 21:39 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2017-04-13 17:53 - 2017-03-27 21:39 - 00040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBrokerUI.dll
2017-04-13 17:53 - 2017-03-27 21:38 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
2017-04-13 17:53 - 2017-03-27 21:38 - 00119808 _____ (Microsoft Corporation) C:\Windows\System32\UserDataTimeUtil.dll
2017-04-13 17:53 - 2017-03-27 21:38 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-13 17:53 - 2017-03-27 21:37 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-04-13 17:53 - 2017-03-27 21:37 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apds.dll
2017-04-13 17:53 - 2017-03-27 21:37 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-13 17:53 - 2017-03-27 21:37 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2017-04-13 17:53 - 2017-03-27 21:37 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.HostName.dll
2017-04-13 17:53 - 2017-03-27 21:37 - 00097792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.SystemManagement.dll
2017-04-13 17:53 - 2017-03-27 21:37 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\musdialoghandlers.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00769024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsecsnp.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00237568 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Web.Diagnostics.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinRtTracing.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-13 17:53 - 2017-03-27 21:36 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicDisplay.sys
2017-04-13 17:53 - 2017-03-27 21:35 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll
2017-04-13 17:53 - 2017-03-27 21:35 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-13 17:53 - 2017-03-27 21:35 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 17:53 - 2017-03-27 21:35 - 00233472 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2017-04-13 17:53 - 2017-03-27 21:35 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2017-04-13 17:53 - 2017-03-27 21:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-04-13 17:53 - 2017-03-27 21:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFi.dll
2017-04-13 17:53 - 2017-03-27 21:35 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-04-13 17:53 - 2017-03-27 21:35 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Lights.dll
2017-04-13 17:53 - 2017-03-27 21:35 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
2017-04-13 17:53 - 2017-03-27 21:35 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-13 17:53 - 2017-03-27 21:34 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2017-04-13 17:53 - 2017-03-27 21:34 - 00237568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-04-13 17:53 - 2017-03-27 21:34 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
2017-04-13 17:53 - 2017-03-27 21:34 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00467968 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Gaming.XboxLive.Storage.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ipsmsnap.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00265728 _____ C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\WinRtTracing.dll
2017-04-13 17:53 - 2017-03-27 21:33 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Core.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 01243136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00298496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-04-13 17:53 - 2017-03-27 21:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vaultcli.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2017-04-13 17:53 - 2017-03-27 21:32 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2017-04-13 17:53 - 2017-03-27 21:31 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-13 17:53 - 2017-03-27 21:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2017-04-13 17:53 - 2017-03-27 21:31 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2017-04-13 17:53 - 2017-03-27 21:31 - 00390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2017-04-13 17:53 - 2017-03-27 21:31 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\NetworkBindingEngineMigPlugin.dll
2017-04-13 17:53 - 2017-03-27 21:30 - 00846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2017-04-13 17:53 - 2017-03-27 21:30 - 00816640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2017-04-13 17:53 - 2017-03-27 21:30 - 00787968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2017-04-13 17:53 - 2017-03-27 21:30 - 00748544 _____ (Microsoft Corporation) C:\Windows\System32\StoreAgent.dll
2017-04-13 17:53 - 2017-03-27 21:30 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
2017-04-13 17:53 - 2017-03-27 21:29 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Ocr.dll
2017-04-13 17:53 - 2017-03-27 21:29 - 00590336 _____ (Microsoft Corporation) C:\Windows\System32\efswrt.dll
2017-04-13 17:53 - 2017-03-27 21:29 - 00529920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-04-13 17:53 - 2017-03-27 21:29 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2017-04-13 17:53 - 2017-03-27 21:29 - 00293888 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2017-04-13 17:53 - 2017-03-27 21:29 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll
2017-04-13 17:53 - 2017-03-27 21:29 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2017-04-13 17:53 - 2017-03-27 21:28 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-13 17:53 - 2017-03-27 21:28 - 00561664 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Wallet.dll
2017-04-13 17:53 - 2017-03-27 21:28 - 00551936 _____ (Microsoft Corporation) C:\Windows\System32\MusUpdateHandlers.dll
2017-04-13 17:53 - 2017-03-27 21:28 - 00500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2017-04-13 17:53 - 2017-03-27 21:28 - 00456192 _____ (Microsoft Corporation) C:\Windows\System32\puiobj.dll
2017-04-13 17:53 - 2017-03-27 21:28 - 00358912 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.dll
2017-04-13 17:53 - 2017-03-27 21:27 - 01388544 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Cred.dll
2017-04-13 17:53 - 2017-03-27 21:27 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CryptoWinRT.dll
2017-04-13 17:53 - 2017-03-27 21:27 - 00245760 _____ (Microsoft Corporation) C:\Windows\System32\WwaApi.dll
2017-04-13 17:53 - 2017-03-27 21:26 - 01534464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-13 17:53 - 2017-03-27 21:26 - 01145344 _____ (Microsoft Corporation) C:\Windows\System32\EmailApis.dll
2017-04-13 17:53 - 2017-03-27 21:26 - 00642048 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.InkControls.dll
2017-04-13 17:53 - 2017-03-27 21:26 - 00549376 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2017-04-13 17:53 - 2017-03-27 21:26 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-13 17:53 - 2017-03-27 21:26 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2017-04-13 17:53 - 2017-03-27 21:25 - 01196544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2017-04-13 17:53 - 2017-03-27 21:25 - 00963584 _____ (Microsoft Corporation) C:\Windows\System32\WebcamUi.dll
2017-04-13 17:53 - 2017-03-27 21:24 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-04-13 17:53 - 2017-03-27 21:24 - 06288384 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2017-04-13 17:53 - 2017-03-27 21:23 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-04-13 17:53 - 2017-03-27 21:23 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2017-04-13 17:53 - 2017-03-27 21:22 - 00175616 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-13 17:53 - 2017-03-27 21:22 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\enrollmentapi.dll
2017-04-13 17:53 - 2017-03-27 21:21 - 03778048 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2017-04-13 17:53 - 2017-03-27 21:21 - 01403392 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Editing.dll
2017-04-13 17:53 - 2017-03-27 21:21 - 00458752 _____ (Microsoft Corporation) C:\Windows\System32\RTMediaFrame.dll
2017-04-13 17:53 - 2017-03-27 21:20 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-13 17:53 - 2017-03-27 21:19 - 07655424 _____ (Microsoft Corporation) C:\Windows\System32\mos.dll
2017-04-13 17:53 - 2017-03-27 21:19 - 00864256 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2017-04-13 17:53 - 2017-03-27 21:19 - 00713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2017-04-13 17:53 - 2017-03-27 21:19 - 00343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2017-04-13 17:53 - 2017-03-27 21:19 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2017-04-13 17:53 - 2017-03-27 21:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dialclient.dll
2017-04-13 17:53 - 2017-03-27 21:18 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-04-13 17:53 - 2017-03-27 21:18 - 01078784 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Streaming.dll
2017-04-13 17:53 - 2017-03-27 21:17 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToReceiver.dll
2017-04-13 17:53 - 2017-03-27 21:17 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-04-13 17:53 - 2017-03-27 21:16 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Audio.dll
2017-04-13 17:53 - 2017-03-27 21:16 - 00134144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ErrorDetails.dll
2017-04-13 17:53 - 2017-03-27 21:15 - 02390016 _____ (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
2017-04-13 17:53 - 2017-03-27 21:15 - 01247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2017-04-13 17:53 - 2017-03-27 21:14 - 03520512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2017-04-13 17:53 - 2017-03-27 21:14 - 01080320 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Ocr.dll
2017-04-13 17:53 - 2017-03-27 21:14 - 00947712 _____ (Microsoft Corporation) C:\Windows\System32\MSVP9DEC.dll
2017-04-13 17:53 - 2017-03-27 21:14 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll
2017-04-13 17:53 - 2017-03-27 21:14 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Devices.dll
2017-04-13 17:53 - 2017-03-27 21:13 - 04596224 _____ (Microsoft Corporation) C:\Windows\System32\xpsrchvw.exe
2017-04-13 17:53 - 2017-03-27 21:13 - 01656320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Perception.dll
2017-04-13 17:53 - 2017-03-27 21:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.dll
2017-04-13 17:53 - 2017-03-27 21:12 - 02682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2017-04-13 17:53 - 2017-03-27 21:12 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\MbaeApiPublic.dll
2017-04-13 17:53 - 2017-03-27 21:12 - 00620544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2017-04-13 17:53 - 2017-03-27 21:12 - 00598528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2017-04-13 17:53 - 2017-03-27 21:12 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll
2017-04-13 17:53 - 2017-03-27 21:11 - 01981440 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2017-04-13 17:53 - 2017-03-27 21:11 - 01576448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2017-04-13 17:53 - 2017-03-27 21:11 - 00765440 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Sensors.dll
2017-04-13 17:53 - 2017-03-27 21:11 - 00751104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-13 17:53 - 2017-03-27 21:10 - 08076288 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-04-13 17:53 - 2017-03-27 21:10 - 02424320 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Perception.dll
2017-04-13 17:53 - 2017-03-27 21:10 - 01424896 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Maps.dll
2017-04-13 17:53 - 2017-03-27 21:10 - 01266176 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Input.Inking.dll
2017-04-13 17:53 - 2017-03-27 21:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2017-04-13 17:53 - 2017-03-27 21:09 - 04149248 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2017-04-13 17:53 - 2017-03-27 21:09 - 01369088 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Phone.dll
2017-04-13 17:53 - 2017-03-27 21:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RADCUI.dll
2017-04-13 17:53 - 2017-03-27 21:06 - 00999424 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2017-04-13 17:53 - 2017-03-27 20:48 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-04-13 17:52 - 2017-03-27 22:28 - 07786336 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-04-13 17:52 - 2017-03-27 22:26 - 00603488 _____ (Microsoft Corporation) C:\Windows\System32\ContentDeliveryManager.Utilities.dll
2017-04-13 17:52 - 2017-03-27 22:22 - 02681200 _____ C:\Windows\System32\CoreUIComponents.dll
2017-04-13 17:52 - 2017-03-27 22:12 - 00328008 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2017-04-13 17:52 - 2017-03-27 22:11 - 02187616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2017-04-13 17:52 - 2017-03-27 22:11 - 01738560 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2017-04-13 17:52 - 2017-03-27 22:11 - 00402784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2017-04-13 17:52 - 2017-03-27 22:10 - 02758648 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-04-13 17:52 - 2017-03-27 22:10 - 01157008 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2017-04-13 17:52 - 2017-03-27 22:04 - 01276760 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2017-04-13 17:52 - 2017-03-27 22:04 - 00241504 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHost.dll
2017-04-13 17:52 - 2017-03-27 22:04 - 00160088 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHostBroker.dll
2017-04-13 17:52 - 2017-03-27 21:41 - 00372736 _____ (Microsoft Corporation) C:\Windows\System32\RDXTaskFactory.dll
2017-04-13 17:52 - 2017-03-27 21:41 - 00299008 _____ (Microsoft Corporation) C:\Windows\System32\rdpinit.exe
2017-04-13 17:52 - 2017-03-27 21:38 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-13 17:52 - 2017-03-27 21:37 - 22568960 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-04-13 17:52 - 2017-03-27 21:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\DdcWnsListener.dll
2017-04-13 17:52 - 2017-03-27 21:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\RdpRelayTransport.dll
2017-04-13 17:52 - 2017-03-27 21:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\odbcconf.dll
2017-04-13 17:52 - 2017-03-27 21:35 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\DisplayManager.dll
2017-04-13 17:52 - 2017-03-27 21:35 - 00090624 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Printers.dll
2017-04-13 17:52 - 2017-03-27 21:34 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2017-04-13 17:52 - 2017-03-27 21:34 - 00113664 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-13 17:52 - 2017-03-27 21:33 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-13 17:52 - 2017-03-27 21:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\System32\DeviceDirectoryClient.dll
2017-04-13 17:52 - 2017-03-27 21:32 - 00635904 _____ (Microsoft Corporation) C:\Windows\System32\FlightSettings.dll
2017-04-13 17:52 - 2017-03-27 21:32 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00418304 _____ C:\Windows\System32\Windows.Perception.Stub.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.BlockedShutdown.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\rdpencom.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00343552 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.SmartCards.Phone.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00276992 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2017-04-13 17:52 - 2017-03-27 21:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
2017-04-13 17:52 - 2017-03-27 21:31 - 00171520 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.SerialCommunication.dll
2017-04-13 17:52 - 2017-03-27 21:31 - 00144896 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Lights.dll
2017-04-13 17:52 - 2017-03-27 21:30 - 00692224 _____ (Microsoft Corporation) C:\Windows\System32\CellularAPI.dll
2017-04-13 17:52 - 2017-03-27 21:30 - 00568320 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.LowLevel.dll
2017-04-13 17:52 - 2017-03-27 21:30 - 00505856 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.WiFiDirect.dll
2017-04-13 17:52 - 2017-03-27 21:30 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-13 17:52 - 2017-03-27 21:30 - 00239104 _____ (Microsoft Corporation) C:\Windows\System32\dafpos.dll
2017-04-13 17:52 - 2017-03-27 21:29 - 00912384 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.SmartCards.dll
2017-04-13 17:52 - 2017-03-27 21:29 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2017-04-13 17:52 - 2017-03-27 21:29 - 00311296 _____ (Microsoft Corporation) C:\Windows\System32\SyncSettings.dll
2017-04-13 17:52 - 2017-03-27 21:29 - 00279552 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-13 17:52 - 2017-03-27 21:29 - 00260608 _____ (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
2017-04-13 17:52 - 2017-03-27 21:29 - 00216576 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Scanners.dll
2017-04-13 17:52 - 2017-03-27 21:29 - 00088576 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-04-13 17:52 - 2017-03-27 21:28 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2017-04-13 17:52 - 2017-03-27 21:28 - 00431616 _____ (Microsoft Corporation) C:\Windows\System32\WpAXHolder.dll
2017-04-13 17:52 - 2017-03-27 21:28 - 00337408 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Picker.dll
2017-04-13 17:52 - 2017-03-27 21:28 - 00261632 _____ (Microsoft Corporation) C:\Windows\System32\indexeddbserver.dll
2017-04-13 17:52 - 2017-03-27 21:28 - 00252416 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-13 17:52 - 2017-03-27 21:27 - 00949248 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.PointOfService.dll
2017-04-13 17:52 - 2017-03-27 21:27 - 00671744 _____ (Microsoft Corporation) C:\Windows\System32\mbsmsapi.dll
2017-04-13 17:52 - 2017-03-27 21:27 - 00472064 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Bluetooth.dll
2017-04-13 17:52 - 2017-03-27 21:27 - 00441856 _____ (Microsoft Corporation) C:\Windows\System32\AccountsRt.dll
2017-04-13 17:52 - 2017-03-27 21:27 - 00425984 _____ (Microsoft Corporation) C:\Windows\System32\aadcloudap.dll
2017-04-13 17:52 - 2017-03-27 21:26 - 00437248 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Usb.dll
2017-04-13 17:52 - 2017-03-27 21:26 - 00284160 _____ (Microsoft Corporation) C:\Windows\System32\AboveLockAppHost.dll
2017-04-13 17:52 - 2017-03-27 21:25 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-04-13 17:52 - 2017-03-27 21:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2017-04-13 17:52 - 2017-03-27 21:24 - 19416576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-13 17:52 - 2017-03-27 21:24 - 01220096 _____ (Microsoft Corporation) C:\Windows\System32\wscui.cpl
2017-04-13 17:52 - 2017-03-27 21:23 - 00932864 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-04-13 17:52 - 2017-03-27 21:23 - 00691712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-13 17:52 - 2017-03-27 21:21 - 23681536 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-04-13 17:52 - 2017-03-27 21:21 - 01589760 _____ (Microsoft Corporation) C:\Windows\System32\msdtctm.dll
2017-04-13 17:52 - 2017-03-27 21:21 - 00104960 _____ (Microsoft Corporation) C:\Windows\System32\CastLaunch.dll
2017-04-13 17:52 - 2017-03-27 21:20 - 01105408 _____ (Microsoft Corporation) C:\Windows\System32\MiracastReceiver.dll
2017-04-13 17:52 - 2017-03-27 21:20 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\mfmjpegdec.dll
2017-04-13 17:52 - 2017-03-27 21:19 - 00442368 _____ (Microsoft Corporation) C:\Windows\System32\PlayToDevice.dll
2017-04-13 17:52 - 2017-03-27 21:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\flvprophandler.dll
2017-04-13 17:52 - 2017-03-27 21:18 - 12181504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-13 17:52 - 2017-03-27 21:18 - 01908224 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2017-04-13 17:52 - 2017-03-27 21:18 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\wpninprc.dll
2017-04-13 17:52 - 2017-03-27 21:17 - 13087232 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-04-13 17:52 - 2017-03-27 21:17 - 00279552 _____ (Microsoft Corporation) C:\Windows\System32\PlayToReceiver.dll
2017-04-13 17:52 - 2017-03-27 21:15 - 00981504 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
2017-04-13 17:52 - 2017-03-27 21:15 - 00945664 _____ (Microsoft Corporation) C:\Windows\System32\WpcWebFilter.dll
2017-04-13 17:52 - 2017-03-27 21:15 - 00937984 _____ (Microsoft Corporation) C:\Windows\System32\MCRecvSrc.dll
2017-04-13 17:52 - 2017-03-27 21:15 - 00539136 _____ (Microsoft Corporation) C:\Windows\System32\PlayToManager.dll
2017-04-13 17:52 - 2017-03-27 21:15 - 00467968 _____ (Microsoft Corporation) C:\Windows\System32\Geolocation.dll
2017-04-13 17:52 - 2017-03-27 21:15 - 00411648 _____ (Microsoft Corporation) C:\Windows\System32\SensorsApi.dll
2017-04-13 17:52 - 2017-03-27 21:14 - 08126976 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-04-13 17:52 - 2017-03-27 21:14 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-04-13 17:52 - 2017-03-27 21:14 - 00913920 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2017-04-13 17:52 - 2017-03-27 21:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll
2017-04-13 17:52 - 2017-03-27 21:14 - 00779776 _____ (Microsoft Corporation) C:\Windows\System32\cscui.dll
2017-04-13 17:52 - 2017-03-27 21:14 - 00089088 _____ (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2017-04-13 17:52 - 2017-03-27 21:13 - 06045184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-04-13 17:52 - 2017-03-27 21:13 - 04474368 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-04-13 17:52 - 2017-03-27 21:13 - 02095616 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-04-13 17:52 - 2017-03-27 21:13 - 01040896 _____ (Microsoft Corporation) C:\Windows\System32\NaturalLanguage6.dll
2017-04-13 17:52 - 2017-03-27 21:13 - 00759296 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-04-13 17:52 - 2017-03-27 21:13 - 00650752 _____ (Microsoft Corporation) C:\Windows\System32\RDXService.dll
2017-04-13 17:52 - 2017-03-27 21:13 - 00611328 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Graphics.Printing.dll
2017-04-13 17:52 - 2017-03-27 21:12 - 05611008 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2017-04-13 17:52 - 2017-03-27 21:12 - 02208768 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Graphics.Printing.3D.dll
2017-04-13 17:52 - 2017-03-27 21:12 - 02026496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-13 17:52 - 2017-03-27 21:12 - 01509376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-13 17:52 - 2017-03-27 21:11 - 01275392 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Bluetooth.dll
2017-04-13 17:52 - 2017-03-27 21:10 - 01783296 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-04-13 17:52 - 2017-03-27 21:10 - 01637888 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-04-13 17:52 - 2017-03-27 21:10 - 01231872 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2017-04-13 17:52 - 2017-03-27 21:10 - 00875520 _____ (Microsoft Corporation) C:\Windows\System32\TokenBroker.dll
2017-04-13 17:52 - 2017-03-27 21:10 - 00774656 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Web.dll
2017-04-13 17:52 - 2017-03-27 21:09 - 01513472 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2017-04-13 17:52 - 2017-03-27 21:09 - 01328640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Web.Http.dll
2017-04-13 17:52 - 2017-03-27 21:09 - 01131008 _____ (Microsoft Corporation) C:\Windows\System32\localspl.dll
2017-04-13 17:52 - 2017-03-27 21:08 - 02895872 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-04-13 17:52 - 2017-03-27 21:07 - 00908800 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Search.dll
2017-04-13 17:52 - 2017-03-27 21:07 - 00701952 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Connectivity.dll
2017-04-13 17:52 - 2017-03-27 21:07 - 00122368 _____ (Microsoft Corporation) C:\Windows\System32\FontProvider.dll
2017-04-13 17:52 - 2017-03-27 21:06 - 01121280 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2017-04-13 17:52 - 2017-03-27 21:06 - 00924672 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2017-04-13 17:52 - 2017-03-27 21:05 - 01633792 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-04-13 17:52 - 2017-03-27 21:04 - 00119808 ____R (Microsoft Corporation) C:\Windows\System32\SecureAssessmentHandlers.dll
2017-04-13 17:51 - 2017-03-27 22:36 - 01617760 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2017-04-13 17:51 - 2017-03-27 22:36 - 01294688 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2017-04-13 17:51 - 2017-03-27 22:36 - 00565088 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2017-04-13 17:51 - 2017-03-27 22:36 - 00343904 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2017-04-13 17:51 - 2017-03-27 22:36 - 00142176 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2017-04-13 17:51 - 2017-03-27 22:35 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-04-13 17:51 - 2017-03-27 22:26 - 00754528 _____ (Microsoft Corporation) C:\Windows\System32\AppVOrchestration.dll
2017-04-13 17:51 - 2017-03-27 22:26 - 00573280 _____ (Microsoft Corporation) C:\Windows\System32\AppVCatalog.dll
2017-04-13 17:51 - 2017-03-27 22:20 - 00764392 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2017-04-13 17:51 - 2017-03-27 22:10 - 00178528 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHostUser.dll
2017-04-13 17:51 - 2017-03-27 22:10 - 00146776 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHostCommon.dll
2017-04-13 17:51 - 2017-03-27 22:09 - 02446704 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2017-04-13 17:51 - 2017-03-27 22:09 - 00682816 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2017-04-13 17:51 - 2017-03-27 22:09 - 00624048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-04-13 17:51 - 2017-03-27 22:08 - 01267504 _____ (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2017-04-13 17:51 - 2017-03-27 22:08 - 01100128 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2017-04-13 17:51 - 2017-03-27 22:08 - 00989024 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2017-04-13 17:51 - 2017-03-27 22:04 - 01600632 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2017-04-13 17:51 - 2017-03-27 22:00 - 01569184 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2017-04-13 17:51 - 2017-03-27 22:00 - 00628552 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2017-04-13 17:51 - 2017-03-27 21:58 - 00372440 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.MediaControl.dll
2017-04-13 17:51 - 2017-03-27 21:44 - 07216640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2017-04-13 17:51 - 2017-03-27 21:38 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-04-13 17:51 - 2017-03-27 21:37 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\XblAuthManagerProxy.dll
2017-04-13 17:51 - 2017-03-27 21:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2017-04-13 17:51 - 2017-03-27 21:36 - 00045056 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-04-13 17:51 - 2017-03-27 21:35 - 00156160 _____ (Microsoft Corporation) C:\Windows\System32\Family.Client.dll
2017-04-13 17:51 - 2017-03-27 21:35 - 00124416 _____ (Microsoft Corporation) C:\Windows\System32\Windows.System.SystemManagement.dll
2017-04-13 17:51 - 2017-03-27 21:34 - 00259072 _____ (Microsoft Corporation) C:\Windows\System32\Family.SyncEngine.dll
2017-04-13 17:51 - 2017-03-27 21:34 - 00162304 _____ (Microsoft Corporation) C:\Windows\System32\dmcertinst.exe
2017-04-13 17:51 - 2017-03-27 21:34 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_ClosedCaptioning.dll
2017-04-13 17:51 - 2017-03-27 21:34 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\XblAuthTokenBrokerExt.dll
2017-04-13 17:51 - 2017-03-27 21:33 - 00196096 _____ (Microsoft Corporation) C:\Windows\System32\UserDeviceRegistration.dll
2017-04-13 17:51 - 2017-03-27 21:33 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.WiFi.dll
2017-04-13 17:51 - 2017-03-27 21:33 - 00122880 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryClient.dll
2017-04-13 17:51 - 2017-03-27 21:33 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\UserDeviceRegistration.Ngc.dll
2017-04-13 17:51 - 2017-03-27 21:33 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\Windows.System.UserDeviceAssociation.dll
2017-04-13 17:51 - 2017-03-27 21:32 - 00368640 _____ (Microsoft Corporation) C:\Windows\System32\OneBackupHandler.dll
2017-04-13 17:51 - 2017-03-27 21:32 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Radios.dll
2017-04-13 17:51 - 2017-03-27 21:31 - 00547840 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Gaming.Input.dll
2017-04-13 17:51 - 2017-03-27 21:31 - 00289792 _____ (Microsoft Corporation) C:\Windows\System32\DeveloperOptionsSettingsHandlers.dll
2017-04-13 17:51 - 2017-03-27 21:31 - 00257024 _____ (Microsoft Corporation) C:\Windows\System32\CloudDomainJoinDataModelServer.dll
2017-04-13 17:51 - 2017-03-27 21:30 - 00651264 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.AllJoyn.dll
2017-04-13 17:51 - 2017-03-27 21:30 - 00268800 _____ (Microsoft Corporation) C:\Windows\System32\UserMgrProxy.dll
2017-04-13 17:51 - 2017-03-27 21:30 - 00049664 _____ (Microsoft Corporation) C:\Windows\System32\TokenBrokerUI.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00852480 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Import.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00379904 _____ (Microsoft Corporation) C:\Windows\System32\apprepsync.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00324608 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\vaultcli.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00206336 _____ (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-04-13 17:51 - 2017-03-27 21:29 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\AuthBroker.dll
2017-04-13 17:51 - 2017-03-27 21:28 - 00407552 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Management.dll
2017-04-13 17:51 - 2017-03-27 21:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\System32\apprepapi.dll
2017-04-13 17:51 - 2017-03-27 21:27 - 01060352 _____ (Microsoft Corporation) C:\Windows\System32\AppContracts.dll
2017-04-13 17:51 - 2017-03-27 21:27 - 00645120 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2017-04-13 17:51 - 2017-03-27 21:27 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2017-04-13 17:51 - 2017-03-27 21:26 - 00329728 _____ (Microsoft Corporation) C:\Windows\System32\deviceaccess.dll
2017-04-13 17:51 - 2017-03-27 21:25 - 01010176 _____ (Microsoft Corporation) C:\Windows\System32\enterprisecsps.dll
2017-04-13 17:51 - 2017-03-27 21:25 - 00966144 _____ (Microsoft Corporation) C:\Windows\System32\sbe.dll
2017-04-13 17:51 - 2017-03-27 21:25 - 00896512 _____ (Microsoft Corporation) C:\Windows\System32\Windows.AccountsControl.dll
2017-04-13 17:51 - 2017-03-27 21:25 - 00775168 _____ (Microsoft Corporation) C:\Windows\System32\GamePanel.exe
2017-04-13 17:51 - 2017-03-27 21:24 - 00410112 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentClient.dll
2017-04-13 17:51 - 2017-03-27 21:23 - 09130496 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2017-04-13 17:51 - 2017-03-27 21:23 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2017-04-13 17:51 - 2017-03-27 21:19 - 00295424 _____ (Microsoft Corporation) C:\Windows\System32\dlnashext.dll
2017-04-13 17:51 - 2017-03-27 21:17 - 05114368 _____ (Microsoft Corporation) C:\Windows\System32\cdp.dll
2017-04-13 17:51 - 2017-03-27 21:17 - 04749312 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_nt.dll
2017-04-13 17:51 - 2017-03-27 21:16 - 00167936 _____ (Microsoft Corporation) C:\Windows\System32\ErrorDetails.dll
2017-04-13 17:51 - 2017-03-27 21:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\vss_ps.dll
2017-04-13 17:51 - 2017-03-27 21:15 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Devices.dll
2017-04-13 17:51 - 2017-03-27 21:14 - 01692160 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2017-04-13 17:51 - 2017-03-27 21:14 - 01643008 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Speech.dll
2017-04-13 17:51 - 2017-03-27 21:14 - 00869888 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2017-04-13 17:51 - 2017-03-27 21:13 - 01359872 _____ (Microsoft Corporation) C:\Windows\System32\SharedStartModel.dll
2017-04-13 17:51 - 2017-03-27 21:13 - 00460800 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Midi.dll
2017-04-13 17:51 - 2017-03-27 21:12 - 00376832 _____ (Microsoft Corporation) C:\Windows\System32\CryptoWinRT.dll
2017-04-13 17:51 - 2017-03-27 21:11 - 02914816 _____ (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2017-04-13 17:51 - 2017-03-27 21:10 - 02316288 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-04-13 17:51 - 2017-03-27 21:10 - 01586176 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2017-04-13 17:51 - 2017-03-27 21:09 - 01064448 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2017-04-13 17:51 - 2017-03-27 21:09 - 00716800 _____ (Microsoft Corporation) C:\Windows\System32\ShareHost.dll
2017-04-13 17:51 - 2017-03-27 21:08 - 03612672 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-04-13 17:51 - 2017-03-27 21:08 - 03542016 _____ (Microsoft Corporation) C:\Windows\System32\actxprxy.dll
2017-04-13 17:51 - 2017-03-27 21:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\enrollmentapi.dll
2017-04-13 17:51 - 2017-03-18 08:50 - 00956416 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2017-04-13 17:51 - 2017-03-18 08:35 - 02278400 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2017-04-13 17:51 - 2017-03-15 20:47 - 00038768 _____ (Microsoft Corporation) C:\Windows\System32\CompPkgSup.dll
2017-04-11 22:28 - 2017-04-11 22:28 - 00000000 ____D C:\Users\Administrator2\AppData\Local\PeerDistRepub
2017-04-10 16:00 - 2017-04-10 16:01 - 00000000 ____D C:\Users\Niko\Desktop\miqotenewbody
2017-04-10 10:32 - 2017-04-10 10:32 - 00001973 _____ C:\Users\Niko\Desktop\skse_loader - Shortcut.lnk
2017-04-10 10:25 - 2015-05-23 16:54 - 00000000 ____D C:\Users\Niko\Desktop\skse_1_07_03
2017-04-10 10:18 - 2017-04-10 10:18 - 00000221 _____ C:\Users\Niko\Desktop\The Elder Scrolls V Skyrim.url
2017-04-10 10:11 - 2017-04-10 10:11 - 00000931 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2017-04-10 10:11 - 2017-04-10 10:11 - 00000000 ____D C:\Users\Niko\AppData\Local\Black_Tree_Gaming
2017-04-10 10:11 - 2017-04-10 10:11 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2017-04-10 10:05 - 2017-04-10 23:37 - 00000000 ____D C:\Users\Niko\AppData\Local\Skyrim
2017-04-10 09:59 - 2010-02-04 09:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2017-04-10 09:59 - 2010-02-04 09:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-04-10 09:59 - 2010-02-04 09:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-04-10 09:59 - 2010-02-04 09:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2017-04-10 09:59 - 2010-02-04 09:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2017-04-10 09:59 - 2010-02-04 09:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-04-10 09:59 - 2010-02-04 09:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2017-04-10 09:59 - 2010-02-04 09:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-04-10 09:59 - 2009-09-04 16:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2017-04-10 09:59 - 2009-09-04 16:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-04-10 09:59 - 2009-09-04 16:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-04-10 09:59 - 2009-09-04 16:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2017-04-10 09:59 - 2009-09-04 16:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2017-04-10 09:58 - 2009-09-04 16:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2017-04-10 09:58 - 2009-09-04 16:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-04-10 09:58 - 2009-09-04 16:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2017-04-10 09:58 - 2009-09-04 16:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-04-10 09:58 - 2009-09-04 16:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2017-04-10 09:58 - 2009-09-04 16:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2017-04-10 09:58 - 2009-09-04 16:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-04-10 09:58 - 2009-09-04 16:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2017-04-10 09:58 - 2009-09-04 16:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-04-10 09:58 - 2009-03-16 13:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2017-04-10 09:58 - 2009-03-16 13:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-04-10 09:58 - 2009-03-16 13:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-04-10 09:58 - 2009-03-16 13:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2017-04-10 09:58 - 2009-03-16 13:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2017-04-10 09:58 - 2009-03-16 13:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-04-10 09:58 - 2009-03-09 14:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2017-04-10 09:58 - 2009-03-09 14:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2017-04-10 09:58 - 2009-03-09 14:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-04-10 09:58 - 2009-03-09 14:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2017-04-10 09:58 - 2009-03-09 14:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2017-04-10 09:58 - 2008-10-27 09:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-04-10 09:58 - 2008-10-15 05:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2017-04-10 09:58 - 2008-10-15 05:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-04-10 09:58 - 2008-10-15 05:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2017-04-10 09:58 - 2008-10-15 05:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-04-10 09:58 - 2008-10-15 05:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2017-04-10 09:58 - 2008-10-15 05:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-04-10 09:58 - 2008-07-31 09:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-04-10 09:58 - 2008-07-31 09:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2017-04-10 09:58 - 2008-07-31 09:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2017-04-10 09:58 - 2008-07-31 09:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2017-04-10 09:58 - 2008-07-10 10:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2017-04-10 09:58 - 2008-07-10 10:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2017-04-10 09:58 - 2008-07-10 10:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2017-04-10 09:58 - 2008-05-30 13:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2017-04-10 09:58 - 2008-05-30 13:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-04-10 09:58 - 2008-05-30 13:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-04-10 09:58 - 2008-05-30 13:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2017-04-10 09:58 - 2008-05-30 13:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2017-04-10 09:58 - 2008-05-30 13:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-04-10 09:58 - 2008-05-30 13:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-04-10 09:58 - 2008-05-30 13:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2017-04-10 09:58 - 2008-05-30 13:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2017-04-10 09:58 - 2008-05-30 13:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-04-10 09:58 - 2008-05-30 13:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2017-04-10 09:58 - 2008-05-30 13:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-04-10 09:58 - 2008-05-30 13:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2017-04-10 09:58 - 2008-05-30 13:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-04-10 09:58 - 2008-03-05 15:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2017-04-10 09:58 - 2008-03-05 15:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-04-10 09:58 - 2008-03-05 15:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-04-10 09:58 - 2008-03-05 15:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2017-04-10 09:58 - 2008-03-05 15:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2017-04-10 09:58 - 2008-03-05 15:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-04-10 09:58 - 2008-03-05 14:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2017-04-10 09:58 - 2008-03-05 14:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-04-10 09:58 - 2008-03-05 14:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2017-04-10 09:58 - 2008-03-05 14:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-04-10 09:58 - 2008-02-05 22:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2017-04-10 09:58 - 2008-02-05 22:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-04-10 09:58 - 2007-10-22 02:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2017-04-10 09:58 - 2007-10-22 02:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-04-10 09:58 - 2007-10-22 02:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2017-04-10 09:58 - 2007-10-22 02:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-04-10 09:58 - 2007-10-12 14:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2017-04-10 09:58 - 2007-10-12 14:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-04-10 09:58 - 2007-10-12 14:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2017-04-10 09:58 - 2007-10-12 14:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-04-10 09:58 - 2007-10-02 08:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2017-04-10 09:58 - 2007-10-02 08:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-04-10 09:58 - 2007-07-19 23:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2017-04-10 09:58 - 2007-07-19 23:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-04-10 09:58 - 2007-07-19 17:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2017-04-10 09:58 - 2007-07-19 17:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-04-10 09:58 - 2007-07-19 17:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2017-04-10 09:58 - 2007-07-19 17:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-04-10 09:58 - 2007-07-19 17:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2017-04-10 09:58 - 2007-07-19 17:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-04-10 09:58 - 2007-06-20 19:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2017-04-10 09:58 - 2007-06-20 19:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-04-10 09:58 - 2007-05-16 15:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2017-04-10 09:58 - 2007-05-16 15:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-04-10 09:58 - 2007-05-16 15:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2017-04-10 09:58 - 2007-05-16 15:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-04-10 09:58 - 2007-05-16 15:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2017-04-10 09:58 - 2007-05-16 15:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-04-10 09:58 - 2007-04-04 17:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2017-04-10 09:58 - 2007-04-04 17:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-04-10 09:58 - 2007-04-04 17:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2017-04-10 09:58 - 2007-03-15 15:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2017-04-10 09:58 - 2007-03-15 15:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-04-10 09:58 - 2007-03-12 15:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2017-04-10 09:58 - 2007-03-12 15:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-04-10 09:58 - 2007-03-12 15:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2017-04-10 09:58 - 2007-03-12 15:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-04-10 09:58 - 2007-03-05 11:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2017-04-10 09:58 - 2007-03-05 11:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-04-10 09:58 - 2007-01-24 14:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2017-04-10 09:58 - 2007-01-24 14:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-04-10 09:58 - 2006-12-08 11:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-04-10 09:58 - 2006-12-08 11:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2017-04-10 09:58 - 2006-11-29 12:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2017-04-10 09:58 - 2006-11-29 12:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-04-10 09:58 - 2006-11-29 12:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2017-04-10 09:58 - 2006-11-29 12:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-04-10 09:58 - 2006-09-28 15:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2017-04-10 09:58 - 2006-09-28 15:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-04-10 09:58 - 2006-09-28 15:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-04-10 09:58 - 2006-09-28 15:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2017-04-10 09:58 - 2006-07-28 08:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2017-04-10 09:58 - 2006-07-28 08:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2017-04-10 09:58 - 2006-07-28 08:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-04-10 09:58 - 2006-07-28 08:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-04-10 09:58 - 2006-05-31 06:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-04-10 09:58 - 2006-05-31 06:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2017-04-10 09:58 - 2006-03-31 11:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2017-04-10 09:58 - 2006-03-31 11:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-04-10 09:58 - 2006-03-31 11:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2017-04-10 09:58 - 2006-03-31 11:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-04-10 09:57 - 2006-03-31 11:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2017-04-10 09:57 - 2006-03-31 11:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-04-10 09:57 - 2006-02-03 07:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2017-04-10 09:57 - 2006-02-03 07:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-04-10 09:57 - 2006-02-03 07:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2017-04-10 09:57 - 2006-02-03 07:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-04-10 09:57 - 2006-02-03 07:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2017-04-10 09:57 - 2006-02-03 07:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-04-10 09:57 - 2005-12-05 17:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2017-04-10 09:57 - 2005-12-05 17:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-04-10 09:57 - 2005-07-22 18:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2017-04-10 09:57 - 2005-07-22 18:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-04-10 09:57 - 2005-05-26 14:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2017-04-10 09:57 - 2005-05-26 14:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-04-10 09:57 - 2005-03-18 16:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2017-04-10 09:57 - 2005-03-18 16:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-04-10 09:57 - 2005-02-05 18:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2017-04-10 09:57 - 2005-02-05 18:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-04-08 20:27 - 2017-04-08 20:28 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Mount&Blade Warband
2017-04-08 20:27 - 2009-09-04 16:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-04-08 20:27 - 2009-09-04 16:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-04-08 20:27 - 2009-03-09 14:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-04-08 20:27 - 2007-04-04 17:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-04-08 19:43 - 2017-04-08 19:43 - 03323532 _____ C:\Users\Niko\Downloads\Altman_Vaudeville.pdf
2017-04-08 19:42 - 2017-04-08 19:47 - 185515082 _____ C:\Users\Niko\Downloads\9Star Films 1905 Catalogue copy.pdf
2017-04-08 19:42 - 2017-04-08 19:43 - 12898939 _____ C:\Users\Niko\Downloads\9AM&B The Mutoscope A Moneymaker 1898 copy.pdf
2017-04-08 19:42 - 2017-04-08 19:43 - 05206731 _____ C:\Users\Niko\Downloads\Abel, The French Rooster Rules the Roost.pdf
2017-04-08 19:42 - 2017-04-08 19:42 - 06067282 _____ C:\Users\Niko\Downloads\9Catalogue of New Films 1899.pdf
2017-04-08 19:42 - 2017-04-08 19:42 - 02146661 _____ C:\Users\Niko\Downloads\9Edison Films The Great Train Robbery.pdf
2017-04-08 19:42 - 2017-04-08 19:42 - 01607281 _____ C:\Users\Niko\Downloads\Gaudreault.pdf
2017-04-08 19:41 - 2017-04-08 19:46 - 154472986 _____ C:\Users\Niko\Downloads\The_Oxford_History_Of_World_Cinema.PDF
2017-04-08 19:41 - 2017-04-08 19:45 - 124268413 _____ C:\Users\Niko\Downloads\9AM&B Photocatlogue 1898, 1905 Vol 1 Nos 1-499 copy.pdf
2017-04-07 17:21 - 2017-04-07 17:26 - 00001749 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-04-07 17:21 - 2017-04-07 17:21 - 00000000 ____D C:\Riot Games
2017-04-07 17:21 - 2008-07-31 09:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-04-07 17:21 - 2008-07-31 09:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-04-07 17:21 - 2008-07-12 07:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-04-07 17:21 - 2008-07-12 07:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-04-07 17:21 - 2008-07-12 07:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-04-07 17:06 - 2017-04-07 17:21 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Riot Games
2017-04-07 17:05 - 2017-04-07 17:06 - 28411368 _____ (Riot Games) C:\Users\Niko\Downloads\LeagueofLegends_NA_Installer_2016_05_13.exe
2017-04-06 19:44 - 2017-04-06 19:44 - 01010545 _____ C:\Users\Niko\Downloads\taylor_cisgender-privilege.pdf
2017-04-06 19:35 - 2017-04-06 19:35 - 00107997 _____ C:\Users\Niko\Downloads\S Somerville Queer.pdf
2017-04-06 18:37 - 2017-04-06 18:37 - 00000000 ____D C:\Users\Niko\AppData\Local\Steam
2017-04-06 13:00 - 2017-04-06 13:00 - 00610697 _____ C:\Users\Niko\Downloads\1149275.pdf
2017-04-06 12:10 - 2017-04-06 12:10 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-04-04 15:49 - 2017-04-11 17:23 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-04 15:49 - 2017-04-11 17:23 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-04 15:49 - 2017-04-04 15:49 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-04 15:48 - 2017-04-05 08:47 - 00000000 ____D C:\Users\Niko\AppData\Local\Google
2017-04-04 15:48 - 2017-04-04 15:49 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-04 15:48 - 2017-04-04 15:48 - 01129376 _____ (Google Inc.) C:\Users\Niko\Downloads\ChromeSetup.exe
2017-04-01 20:47 - 2017-04-01 20:47 - 00000000 ____D C:\Windows\System32\appmgmt
2017-04-01 20:43 - 2017-04-06 12:11 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Apple Computer
2017-04-01 20:43 - 2017-04-01 20:43 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-04-01 20:43 - 2017-04-01 20:43 - 00000000 ____D C:\Users\Niko\AppData\Local\Apple Computer
2017-04-01 20:41 - 2017-04-01 20:43 - 00000000 ____D C:\Program Files\iTunes
2017-04-01 20:41 - 2017-04-01 20:41 - 00000000 ____D C:\Users\Administrator2\AppData\Local\Apple
2017-04-01 20:41 - 2017-04-01 20:41 - 00000000 ____D C:\ProgramData\Apple Computer
2017-04-01 20:41 - 2017-04-01 20:41 - 00000000 ____D C:\Program Files\iPod
2017-04-01 20:41 - 2017-04-01 20:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-04-01 20:40 - 2017-04-01 20:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-01 20:40 - 2017-04-01 20:40 - 00000000 ____D C:\Program Files\Bonjour
2017-04-01 20:40 - 2017-04-01 20:40 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-04-01 20:39 - 2017-04-01 20:41 - 00000000 ____D C:\ProgramData\Apple
2017-04-01 20:32 - 2017-04-15 14:15 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-01 20:32 - 2017-04-01 20:32 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2017-04-01 20:31 - 2017-04-01 20:31 - 00000000 ____D C:\Program Files\7-Zip
2017-04-01 20:30 - 2017-04-17 00:30 - 00251832 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-04-01 20:30 - 2017-04-16 06:34 - 00077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-04-01 20:30 - 2017-04-16 00:28 - 00092096 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-04-01 20:30 - 2017-04-16 00:28 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-04-01 20:30 - 2017-04-15 15:28 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-04-01 20:30 - 2017-04-01 20:30 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-04-01 20:30 - 2017-04-01 20:30 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-01 20:30 - 2017-04-01 20:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 20:30 - 2017-04-01 20:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-01 20:29 - 2017-04-01 20:33 - 05718872 _____ (Microsoft Corporation) C:\Users\Niko\Downloads\vcredist_x64.exe
2017-04-01 20:26 - 2017-04-01 20:32 - 01446792 _____ C:\Users\Niko\Downloads\SteamSetup.exe
2017-04-01 20:25 - 2017-04-01 20:26 - 01381582 _____ (Igor Pavlov) C:\Users\Niko\Downloads\7z1604-x64.exe
2017-04-01 20:24 - 2017-04-01 20:29 - 59272008 _____ (Malwarebytes ) C:\Users\Niko\Downloads\mb3-setup-consumer-3.0.6.1469-1096.exe
2017-04-01 20:21 - 2017-04-01 20:38 - 257659208 _____ (Apple Inc.) C:\Users\Niko\Downloads\iTunes64Setup.exe
2017-04-01 16:49 - 2017-04-01 16:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 16:48 - 2017-04-01 16:48 - 00000000 ____D C:\Program Files (x86)\Seagate
2017-04-01 16:46 - 2017-04-01 16:48 - 26157600 _____ C:\Users\Niko\Desktop\SeaToolsforWindowsSetup.exe
2017-04-01 15:27 - 2017-04-01 15:27 - 00004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9BB441A3-780C-42F6-9D33-7885C4E98D70}
2017-04-01 14:30 - 2017-04-01 16:01 - 00000104 _____ C:\Users\Niko\Desktop\reply.txt
2017-04-01 14:24 - 2017-04-14 17:16 - 00000000 ____D C:\Users\Niko\AppData\Roaming\NVIDIA
2017-04-01 14:23 - 2017-04-01 14:23 - 00001339 _____ C:\Users\Administrator2\Desktop\FurMark.lnk
2017-04-01 14:23 - 2017-04-01 14:23 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2017-04-01 14:08 - 2017-04-01 14:08 - 00000000 ____D C:\Users\Administrator2\AppData\Local\Comms
2017-04-01 14:07 - 2017-04-01 14:07 - 00000000 ____D C:\Users\Administrator2\AppData\Roaming\Skype
2017-04-01 14:06 - 2017-04-01 14:06 - 00000000 ____D C:\Users\Administrator2\AppData\Local\Publishers
2017-04-01 14:05 - 2017-04-01 14:18 - 00000000 ____D C:\Users\Administrator2\AppData\Local\Packages
2017-04-01 14:05 - 2017-04-01 14:05 - 00000000 ____D C:\Users\Administrator2\AppData\Roaming\Adobe
2017-04-01 14:05 - 2017-04-01 14:05 - 00000000 ____D C:\Users\Administrator2\AppData\Local\VirtualStore
2017-04-01 14:05 - 2017-04-01 14:05 - 00000000 ____D C:\Users\Administrator2\AppData\Local\TileDataLayer
2017-04-01 14:04 - 2017-04-01 14:18 - 00000000 ____D C:\Users\Administrator2\AppData\Local\ConnectedDevicesPlatform
2017-04-01 14:04 - 2017-04-01 14:04 - 00000020 ___SH C:\Users\Administrator2\ntuser.ini
2017-04-01 14:04 - 2017-04-01 14:04 - 00000000 ____D C:\Users\Administrator2\AppData\Roaming\Synaptics
2017-04-01 13:36 - 2017-04-01 13:39 - 05802211 _____ (Geeks3D ) C:\Users\Niko\Desktop\FurMark_1.18.2.0_Setup.exe
2017-04-01 13:20 - 2017-04-01 13:20 - 00055897 _____ C:\Users\Niko\Downloads\memtest86+-5.01.zip
2017-04-01 13:19 - 2017-04-01 13:33 - 00059523 _____ C:\Users\Niko\Desktop\memtest86+-5.01.iso.zip
2017-04-01 13:15 - 2017-04-17 00:01 - 00000000 ____D C:\Users\Niko\AppData\LocalLow\Mozilla
2017-04-01 13:13 - 2017-04-01 13:19 - 00000000 ____D C:\Users\Niko\AppData\Local\Mozilla
2017-04-01 13:13 - 2017-04-01 13:15 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Mozilla
2017-04-01 13:12 - 2017-04-01 13:12 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-01 13:12 - 2017-04-01 13:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2017-04-01 13:12 - 2017-04-01 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-01 13:12 - 2017-04-01 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-01 13:10 - 2017-04-01 13:10 - 00245416 _____ C:\Users\Niko\Downloads\Firefox Setup Stub 52.0.2.exe
2017-04-01 13:10 - 2017-04-01 13:10 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2017-03-31 21:05 - 2017-04-07 16:52 - 00532136 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2017-03-31 21:03 - 2017-04-14 16:54 - 00000000 ____D C:\Windows\System32\MRT
2017-03-31 21:03 - 2017-04-14 16:50 - 148601744 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-03-31 20:29 - 2017-03-31 20:29 - 00000000 ____D C:\Users\Niko\AppData\Local\CEF
2017-03-31 20:28 - 2017-03-31 20:28 - 00000000 ____D C:\ProgramData\Riot Games
2017-03-31 19:21 - 2017-04-14 20:58 - 00000000 ____D C:\Users\Niko\AppData\Local\CrashDumps
2017-03-31 19:15 - 2017-03-31 19:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-31 19:15 - 2017-03-31 19:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-31 19:15 - 2017-02-06 03:07 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-31 19:15 - 2016-09-09 10:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-31 19:15 - 2016-09-09 10:25 - 00261920 _____ C:\Windows\System32\vulkan-1.dll
2017-03-31 19:15 - 2016-09-09 10:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-31 19:15 - 2016-09-09 10:24 - 00125216 _____ C:\Windows\System32\vulkaninfo.exe
2017-03-31 18:57 - 2017-04-08 00:54 - 00003272 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-31 18:56 - 2017-03-31 18:56 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Skype
2017-03-31 18:45 - 2017-03-31 18:45 - 00000000 ____D C:\Users\Niko\AppData\Local\MicrosoftEdge
2017-03-31 17:34 - 2017-03-31 17:34 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Macromedia
2017-03-31 17:32 - 2017-03-31 17:32 - 00000000 ____D C:\Users\Niko\AppData\Local\Comms
2017-03-31 17:32 - 2017-03-31 17:32 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-03-31 17:31 - 2017-03-31 17:31 - 00000000 ____D C:\Users\Niko\AppData\Local\Publishers
2017-03-31 17:30 - 2017-04-10 10:51 - 00000000 ____D C:\Users\Niko\AppData\Local\Packages
2017-03-31 17:30 - 2017-04-01 14:23 - 00000000 ____D C:\Users\Niko\AppData\Local\VirtualStore
2017-03-31 17:30 - 2017-03-31 18:16 - 00000000 ____D C:\Users\Niko\AppData\Local\ConnectedDevicesPlatform
2017-03-31 17:30 - 2017-03-31 17:30 - 00000020 ___SH C:\Users\Niko\ntuser.ini
2017-03-31 17:30 - 2017-03-31 17:30 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Synaptics
2017-03-31 17:30 - 2017-03-31 17:30 - 00000000 ____D C:\Users\Niko\AppData\Roaming\Adobe
2017-03-31 17:30 - 2017-03-31 17:30 - 00000000 ____D C:\Users\Niko\AppData\Local\TileDataLayer
2017-03-31 17:30 - 2017-03-31 17:30 - 00000000 ____D C:\ProgramData\Synaptics
2017-03-31 15:16 - 2017-03-31 15:16 - 00000000 ____D C:\Windows\InfusedApps
2017-03-31 15:16 - 2017-03-31 14:47 - 00000000 ___DC C:\Windows\Panther
2017-03-31 15:15 - 2017-04-08 20:13 - 00000000 ____D C:\Windows.old
2017-03-31 15:14 - 2017-03-31 15:14 - 00008192 _____ C:\Windows\System32\config\userdiff
2017-03-31 15:14 - 2017-03-31 14:19 - 00000000 ____D C:\Windows\ServiceProfiles
2017-03-31 15:12 - 2017-03-31 15:12 - 00000000 ____D C:\Program Files\Synaptics
2017-03-31 15:12 - 2017-03-31 15:12 - 00000000 ____D C:\Program Files (x86)\HP
2017-03-31 15:11 - 2017-03-31 15:11 - 00000000 ____D C:\Windows\Setup
2017-03-31 15:07 - 2017-03-31 15:07 - 00000000 ____D C:\Windows\OCR
2017-03-31 15:07 - 2017-03-31 15:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-03-31 15:07 - 2017-03-31 15:07 - 00000000 ____D C:\Program Files\MSBuild
2017-03-31 15:07 - 2017-03-31 15:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-03-31 15:07 - 2017-03-31 15:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\0409
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\winrm
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\WCN
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\slmgr
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\0409
2017-03-31 15:06 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\DigitalLocker
2017-03-31 15:02 - 2017-04-01 10:52 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-31 15:02 - 2017-04-01 10:52 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-31 15:00 - 2017-04-17 00:00 - 00000000 ____D C:\Windows\AppReadiness
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ___SD C:\Windows\SysWOW64\F12
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ___SD C:\Windows\System32\F12
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Windows\System32\setup
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Windows\System32\Dism
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Windows\System32\appraiser
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Windows\ShellExperiences
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Windows\Provisioning
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Program Files\Windows Defender
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-31 15:00 - 2017-04-16 23:54 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-31 15:00 - 2017-04-15 15:04 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2017-03-31 15:00 - 2017-04-15 11:05 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-31 15:00 - 2017-04-01 20:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-31 15:00 - 2017-04-01 13:11 - 00000000 ____D C:\Windows\appcompat
2017-03-31 15:00 - 2017-03-31 21:51 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-03-31 15:00 - 2017-03-31 21:51 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-03-31 15:00 - 2017-03-31 21:51 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2017-03-31 15:00 - 2017-03-31 21:51 - 00000000 ____D C:\Windows\System32\Sysprep
2017-03-31 15:00 - 2017-03-31 21:51 - 00000000 ____D C:\Windows\System32\oobe
2017-03-31 15:00 - 2017-03-31 21:51 - 00000000 ____D C:\Windows\System32\migwiz
2017-03-31 15:00 - 2017-03-31 21:50 - 00000000 ___SD C:\Windows\System32\dsc
2017-03-31 15:00 - 2017-03-31 21:50 - 00000000 ___SD C:\Windows\System32\DiagSvcs
2017-03-31 15:00 - 2017-03-31 21:50 - 00000000 ___RD C:\Windows\PrintDialog
2017-03-31 15:00 - 2017-03-31 21:50 - 00000000 ____D C:\Windows\bcastdvr
2017-03-31 15:00 - 2017-03-31 21:50 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-03-31 15:00 - 2017-03-31 21:48 - 00015425 _____ C:\Windows\System32\OEMDefaultAssociations.xml
2017-03-31 15:00 - 2017-03-31 15:15 - 00028672 _____ C:\Windows\System32\config\BCD-Template
2017-03-31 15:00 - 2017-03-31 15:07 - 00000000 ____D C:\Windows\SystemApps
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\SystemResetPlatform
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\MUI
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\System32\Com
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ____D C:\Windows\IME
2017-03-31 15:00 - 2017-03-31 15:06 - 00000000 ____D C:\Program Files\Common Files\System
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 __RSD C:\Windows\Media
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ___SD C:\Windows\SysWOW64\Nui
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ___SD C:\Windows\SysWOW64\Configuration
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ___SD C:\Windows\System32\Nui
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ___SD C:\Windows\System32\Configuration
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ___RD C:\Windows\Offline Web Pages
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Web
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Vss
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\tracing
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\TAPI
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\WinMetadata
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\SMI
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\ras
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\NDF
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\MsDtc
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\MailContactsCalendarSync
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\Ipmi
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\IME
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicyUsers
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\FxsTmp
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\downlevel
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\Bthprops
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\AppLocker
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SystemResources
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\WinMetadata
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\winevt
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\spool
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\SecureBootUpdates
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\ras
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\ProximityToast
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\PointOfService
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\NDF
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\MsDtc
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\MailContactsCalendarSync
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\Ipmi
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\InputMethod
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\inetsrv
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\IME
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\icsxml
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\ias
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\GroupPolicyUsers
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\downlevel
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\DDFs
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\config\Journal
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\Bthprops
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\AppLocker
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\AdvancedInstallers
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SKB
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\security
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\schemas
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\SchCache
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Resources
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\RemotePackages
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Registration
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\PLA
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Performance
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\ModemLogs
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\LiveKernelReports
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\L2Schemas
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\InputMethod
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Globalization
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\GameBarPresenceWriter
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Cursors
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\Branding
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\addins
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\ProgramData\Comms
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Program Files\Windows NT
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Program Files\Common Files\Services
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-03-31 15:00 - 2017-03-31 15:00 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-03-31 15:00 - 2017-03-31 14:58 - 00231424 _____ (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2017-03-31 15:00 - 2017-03-31 14:58 - 00215943 _____ C:\Windows\SysWOW64\dssec.dat
2017-03-31 15:00 - 2017-03-31 14:58 - 00215943 _____ C:\Windows\System32\dssec.dat
2017-03-31 15:00 - 2017-03-31 14:58 - 00209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2017-03-31 15:00 - 2017-03-31 14:58 - 00017463 _____ C:\Windows\System32\Drivers\etc\services
2017-03-31 15:00 - 2017-03-31 14:58 - 00004096 _____ C:\Windows\System32\config\VSMIDK
2017-03-31 15:00 - 2017-03-31 14:58 - 00003683 _____ C:\Windows\System32\Drivers\etc\lmhosts.sam
2017-03-31 15:00 - 2017-03-31 14:58 - 00001358 _____ C:\Windows\System32\Drivers\etc\protocol
2017-03-31 15:00 - 2017-03-31 14:58 - 00000858 _____ C:\Windows\System32\DefaultQuestions.json
2017-03-31 15:00 - 2017-03-31 14:58 - 00000741 _____ C:\Windows\SysWOW64\NOISE.DAT
2017-03-31 15:00 - 2017-03-31 14:58 - 00000741 _____ C:\Windows\System32\NOISE.DAT
2017-03-31 15:00 - 2017-03-31 14:58 - 00000407 _____ C:\Windows\System32\Drivers\etc\networks
2017-03-31 15:00 - 2017-03-31 14:58 - 00000219 _____ C:\Windows\system.ini
2017-03-31 15:00 - 2017-03-31 14:58 - 00000092 _____ C:\Windows\win.ini
2017-03-31 15:00 - 2017-03-31 14:50 - 00000000 ____D C:\Windows\rescache
2017-03-31 15:00 - 2017-03-31 14:45 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-31 15:00 - 2017-03-31 14:45 - 00000000 ____D C:\Windows\System32\WinBioDatabase
2017-03-31 15:00 - 2017-03-31 14:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-31 15:00 - 2017-03-31 14:37 - 00000000 ____D C:\Windows\System32\FxsTmp
2017-03-31 15:00 - 2017-03-31 14:36 - 00000000 ____D C:\Windows\CSC
2017-03-31 15:00 - 2017-03-31 14:30 - 00000000 ___RD C:\Windows\MiracastView
2017-03-31 15:00 - 2017-03-31 14:28 - 00000000 ____D C:\Windows\Help
2017-03-31 15:00 - 2017-03-31 14:21 - 00000000 ____D C:\ProgramData\USOPrivate
2017-03-31 15:00 - 2017-01-13 18:38 - 00103936 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
2017-03-31 14:59 - 2017-04-17 00:03 - 00000000 ____D C:\Windows\INF
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\users\Default User
2017-03-31 14:47 - 2017-03-31 14:47 - 00000000 _SHDL C:\users\All Users
2017-03-31 14:46 - 2017-03-31 14:46 - 00018596 _____ C:\Users\Niko Guest Space\Desktop\Removed Apps.html
2017-03-31 14:46 - 2017-03-31 14:46 - 00018194 _____ C:\Users\Administrator\Desktop\Removed Apps.html
2017-03-31 14:45 - 2017-04-16 19:40 - 00000000 ____D C:\Windows\CbsTemp
2017-03-31 14:45 - 2017-03-31 14:45 - 00018912 _____ C:\Users\Niko\Desktop\Removed Apps.html
2017-03-31 14:45 - 2017-03-31 14:45 - 00018194 _____ C:\Users\Administrator2\Desktop\Removed Apps.html
2017-03-31 14:42 - 2017-04-17 00:04 - 01096162 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-31 14:37 - 2017-04-16 23:56 - 02097152 _____ C:\Windows\System32\config\BBI
2017-03-31 14:37 - 2017-03-31 21:50 - 00000000 ____D C:\Windows\servicing
2017-03-31 14:37 - 2017-03-31 15:00 - 00000000 ____D C:\Windows\System32\SMI
2017-03-31 14:37 - 2017-03-31 14:20 - 00032768 _____ C:\Windows\System32\config\ELAM
2017-03-31 14:35 - 2017-04-16 23:59 - 00000000 ____D C:\users\Niko
2017-03-31 14:35 - 2017-04-01 20:32 - 00000000 ___HD C:\$SysReset
2017-03-31 14:35 - 2017-04-01 14:19 - 00000000 ____D C:\users\Administrator2
2017-03-31 14:35 - 2017-04-01 13:10 - 00000000 ____D C:\users\Administrator
2017-03-31 14:35 - 2017-03-31 14:44 - 00000000 ____D C:\users\Niko Guest Space
2017-03-31 14:35 - 2017-03-31 14:44 - 00000000 ____D C:\users\DefaultAppPool
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko\My Documents
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko\Documents\My Videos
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko\Documents\My Pictures
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko\Documents\My Music
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko Guest Space\My Documents
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko Guest Space\Documents\My Videos
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko Guest Space\Documents\My Pictures
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Niko Guest Space\Documents\My Music
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator2\My Documents
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator2\Documents\My Videos
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator2\Documents\My Pictures
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator2\Documents\My Music
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator\My Documents
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2017-03-31 14:35 - 2017-03-31 14:35 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2017-03-31 14:28 - 2017-04-17 10:52 - 00000000 ____D C:\ProgramData\Validity
2017-03-31 14:28 - 2017-04-17 10:52 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-31 14:28 - 2017-03-31 14:28 - 00014568 _____ C:\Windows\System32\Drivers\rtkhdasetting.zip
2017-03-31 14:28 - 2017-03-31 14:28 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-03-31 14:28 - 2017-03-31 14:28 - 00000000 ____D C:\Windows\System32\SRSLabs
2017-03-31 14:28 - 2017-03-31 14:28 - 00000000 ____D C:\ProgramData\SRS Labs
2017-03-31 14:28 - 2017-03-31 14:28 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-31 14:28 - 2017-03-31 14:28 - 00000000 ____D C:\Program Files\Realtek
2017-03-31 14:28 - 2017-02-06 03:37 - 06384576 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2017-03-31 14:28 - 2017-02-06 03:37 - 02475968 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2017-03-31 14:28 - 2017-02-06 03:37 - 01764408 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2017-03-31 14:28 - 2017-02-06 03:37 - 00546752 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2017-03-31 14:28 - 2017-02-06 03:37 - 00392128 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2017-03-31 14:28 - 2017-02-06 03:37 - 00083512 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2017-03-31 14:28 - 2017-02-06 03:37 - 00071224 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2017-03-31 14:28 - 2017-02-02 21:11 - 07774507 _____ C:\Windows\System32\nvcoproc.bin
2017-03-31 14:27 - 2017-04-17 00:00 - 00000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-31 14:27 - 2017-03-31 19:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-31 14:27 - 2017-03-31 19:05 - 00000200 _____ C:\Windows\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-31 14:27 - 2017-03-31 14:27 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-03-31 14:27 - 2017-03-31 14:27 - 00000000 _____ C:\Windows\System32\GfxValDisplayLog.bin
2017-03-31 14:27 - 2017-01-13 18:38 - 00099840 _____ (Khronos Group) C:\Windows\System32\OpenCL.DLL
2017-03-31 14:26 - 2017-03-31 19:05 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-31 14:26 - 2017-03-31 14:26 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-03-31 14:26 - 2017-03-31 14:26 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-03-31 14:26 - 2017-03-31 14:26 - 00000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-03-31 14:26 - 2017-03-31 14:26 - 00000000 ____D C:\Program Files\Intel
2017-03-31 14:22 - 2017-03-27 22:20 - 02717184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-03-31 14:21 - 2017-03-31 14:21 - 00000000 ____D C:\ProgramData\USOShared
2017-03-31 14:20 - 2017-04-17 10:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-31 14:19 - 2017-04-17 10:51 - 00000000 ____D C:\Windows\System32\SleepStudy
2017-03-31 14:19 - 2017-04-16 23:57 - 00194192 _____ C:\Windows\System32\FNTCACHE.DAT
2017-03-31 11:11 - 2017-03-31 11:11 - 00000000 ___RD C:\Users\Administrator\OneDrive
2017-03-31 11:06 - 2016-08-29 15:38 - 00000000 ____D C:\Users\Administrator\Documents\hp.system.package.metadata
2017-03-31 11:06 - 2016-08-29 15:38 - 00000000 ____D C:\Users\Administrator\Documents\hp.applications.package.appdata
2017-03-30 08:44 - 2017-03-30 08:44 - 00383696 _____ C:\Users\Administrator2\Desktop\CBS.7z
2017-03-30 08:44 - 2017-03-30 08:44 - 00000000 ____D C:\Users\Administrator2\Desktop\CBS
2017-03-30 08:02 - 2017-03-30 08:02 - 00006087 _____ C:\Users\Administrator2\Desktop\disk report.txt
2017-03-29 17:02 - 2017-03-29 17:02 - 00017534 _____ C:\Users\Administrator2\Desktop\uh.txt
2017-03-29 17:01 - 2017-03-29 17:02 - 00017538 _____ C:\VEW.txt
2017-03-29 16:47 - 2017-03-29 16:48 - 00061440 _____ ( ) C:\Users\Administrator2\Desktop\VEW.exe
2017-03-28 15:12 - 2017-03-28 15:12 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-03-28 15:03 - 2017-03-28 15:07 - 165236520 _____ (Sophos Limited) C:\Users\Administrator2\Desktop\Sophos Virus Removal Tool.exe
2017-03-28 14:42 - 2017-03-28 14:42 - 00009944 _____ C:\Users\Administrator2\Desktop\ark.txt
2017-03-28 13:56 - 2017-03-28 15:06 - 00001049 _____ C:\Users\Administrator2\Desktop\instruction.txt
2017-03-28 13:54 - 2017-03-28 13:54 - 00380928 _____ C:\Users\Administrator2\Desktop\k3233mof.exe
2017-03-28 13:48 - 2017-03-28 13:48 - 00002938 _____ C:\Users\Administrator2\Desktop\RK.txt
2017-03-28 09:19 - 2017-03-28 09:19 - 00000000 ____D C:\RegBackup
2017-03-28 09:14 - 2017-03-28 09:19 - 00000000 ____D C:\Users\Administrator2\Desktop\windows repair tool
2017-03-28 09:09 - 2017-03-28 09:12 - 32824320 _____ (Tweaking.com) C:\Users\Administrator2\Desktop\tweaking.com_windows_repair_aio_setup.exe
2017-03-27 12:59 - 2017-03-27 12:59 - 00003777 _____ C:\Users\Administrator2\Desktop\FSS.txt
2017-03-27 12:58 - 2017-03-27 12:58 - 00899584 _____ (Farbar) C:\Users\Administrator2\Desktop\FSS.exe
2017-03-27 10:59 - 2017-03-27 10:59 - 01767144 _____ C:\Users\Administrator2\Desktop\minidumps windows.7z
2017-03-27 09:30 - 2017-03-27 10:56 - 00000000 ____D C:\Users\Administrator2\Desktop\New folder
2017-03-27 09:27 - 2017-03-27 10:35 - 49405136 _____ (Microsoft Corporation) C:\Users\Administrator2\Desktop\Windows-KB890830-x64-V5.46.exe
2017-03-27 09:27 - 2017-03-27 10:24 - 04031440 _____ C:\Users\Administrator2\Desktop\AdwCleaner.exe
2017-03-27 09:26 - 2017-03-27 09:42 - 57131432 _____ (Malwarebytes ) C:\Users\Administrator2\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-27 09:26 - 2017-03-27 09:35 - 00566128 _____ (Malwarebytes) C:\Users\Administrator2\Desktop\mbam-clean-2.3.0.1001.exe
2017-03-26 17:59 - 2017-03-26 18:00 - 00056763 _____ C:\Users\Administrator2\Desktop\Addition.txt
2017-03-26 17:57 - 2017-04-15 15:15 - 00000000 ____D C:\FRST
2017-03-26 17:57 - 2017-03-26 18:00 - 00132510 _____ C:\Users\Administrator2\Desktop\FRST.txt
2017-03-26 17:57 - 2017-03-26 17:57 - 02424832 _____ (Farbar) C:\Users\Administrator2\Desktop\FRST64.exe
2017-03-26 16:52 - 2017-03-26 16:52 - 15701641 _____ C:\Users\Niko\Downloads\sdthroa and lol mod of it.7z
2017-03-26 16:52 - 2017-03-26 16:52 - 15701641 _____ C:\Users\Administrator2\Desktop\sdthroa and lol mod of it.7z
2017-03-25 12:58 - 2017-03-25 12:58 - 35109888 _____ (Adlice Software ) C:\Users\Administrator2\Downloads\setup.exe
2017-03-25 12:40 - 2017-03-25 12:40 - 00003062 _____ C:\Users\Administrator2\Desktop\AdwCleaner[C0].txt
2017-03-25 12:28 - 2017-03-27 10:32 - 00000000 ____D C:\AdwCleaner
2017-03-25 12:27 - 2017-03-25 12:28 - 04031440 _____ C:\Users\Administrator2\Downloads\AdwCleaner.exe
2017-03-24 23:06 - 2017-03-24 23:06 - 06654960 _____ (AVAST Software) C:\Users\Administrator2\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-03-24 16:46 - 2017-03-24 16:48 - 165004424 _____ (Sophos Limited) C:\Users\Administrator2\Downloads\Sophos Virus Removal Tool.exe
2017-03-24 15:48 - 2017-03-24 15:49 - 07099104 _____ C:\Users\Niko Guest Space\Downloads\20170324-011-IPS_IU_SEP.jdb
2017-03-24 15:44 - 2017-03-24 15:47 - 168775896 _____ C:\Users\Niko Guest Space\Downloads\20170324-003-v5i64.exe
2017-03-24 15:37 - 2017-03-24 15:39 - 167245704 _____ C:\Users\Niko Guest Space\Downloads\20170324-003-v5i32.exe
2017-03-24 15:37 - 2017-03-24 15:38 - 06207224 _____ C:\Users\Niko Guest Space\Downloads\20170324-011-IPS_IU_SEP.exe
2017-03-24 01:53 - 2017-03-24 01:54 - 635337260 _____ C:\Users\Niko\Downloads\The Shower Hour S2 Episode 20 March 24 2017.wav
2017-03-22 21:18 - 2017-04-07 17:07 - 00000000 ____D C:\Users\Niko\Desktop\Moduntandblade mods
2017-03-20 15:51 - 2017-03-20 15:51 - 00040242 _____ C:\Users\Niko\Downloads\17 - 1.webp
2017-03-19 15:25 - 2017-03-19 15:25 - 00000000 ____D C:\Users\Public\Documents\Steam
2017-03-19 14:53 - 2017-04-15 10:59 - 00000590 _____ C:\Users\Niko\Desktop\docsn.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-17 00:00 - 2016-04-26 22:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-17 00:00 - 2015-08-25 16:25 - 00000000 __SHD C:\Users\Niko\IntelGraphicsProfiles
2017-04-16 17:46 - 2016-07-06 13:49 - 00000000 __SHD C:\Users\Administrator2\IntelGraphicsProfiles
2017-04-15 12:53 - 2017-02-07 08:30 - 00000000 ____D C:\Users\Niko\Desktop\mods
2017-04-08 00:54 - 2016-07-04 10:32 - 00000000 ___RD C:\Users\Niko\OneDrive
2017-04-04 15:54 - 2015-11-25 16:34 - 00000000 ____D C:\Users\Niko\AppData\LocalLow\Temp
2017-04-01 16:45 - 2015-11-10 15:22 - 00000000 ____D C:\Users\Niko\Desktop\PSU
2017-04-01 14:08 - 2016-07-06 13:59 - 00000000 ___RD C:\Users\Administrator2\OneDrive
2017-03-31 21:44 - 2016-05-27 10:06 - 00000000 ____D C:\Users\Niko\Downloads\sdthroa and lol mod of it
2017-03-31 20:21 - 2015-08-27 18:17 - 00000000 ____D C:\Users\Niko\Documents\Mount&Blade Warband Savegames
2017-03-31 14:53 - 2016-07-15 22:04 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-03-31 14:50 - 2016-07-15 22:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\poqexec.exe
2017-03-30 15:22 - 2016-07-06 23:38 - 00000000 __SHD C:\Users\Niko Guest Space\IntelGraphicsProfiles
2017-03-28 10:00 - 2015-09-14 17:44 - 00000000 ____D C:\Users\Niko\Documents\Enter the Wu-Tang (36 Chambers)
2017-03-25 21:41 - 2016-07-06 14:05 - 00000000 ____D C:\Users\Administrator2\Documents\Youcam
2017-03-25 12:11 - 2016-08-28 21:56 - 00000000 ____D C:\Users\Niko Guest Space\Documents\Youcam
2017-03-24 16:32 - 2016-04-18 13:49 - 00000000 ____D C:\NPE
2017-03-24 16:27 - 2016-07-04 10:31 - 00000000 ____D C:\Users\Niko\Documents\Youcam
2017-03-24 15:34 - 2016-08-28 21:56 - 00000000 ___RD C:\Users\Niko Guest Space\OneDrive
2017-03-20 11:24 - 2016-11-03 13:47 - 00000000 ____D C:\Users\Niko\Documents\Sound recordings
2017-03-19 15:25 - 2016-06-02 12:35 - 00000000 ____D C:\Users\Niko\Documents\My Games
2017-03-19 15:18 - 2013-07-09 11:05 - 00000000 ____D C:\Users\Niko\Documents\half life 2 save

Some files in TEMP:
====================
2017-04-15 14:26 - 2016-11-11 02:13 - 1886344 _____ (Microsoft Corporation) C:\Users\Administrator2\AppData\Local\Temp\dllnt_dump.dll

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2017-01-10 23:21] - [2016-12-13 20:24] - 0673792 _____ (Microsoft Corporation) 917F081E2AB667C44F7D96DE1D16DFAE

C:\Windows\System32\wininit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0304240 _____ (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70

C:\Windows\explorer.exe
[2017-03-14 16:11] - [2017-03-03 23:03] - 4674360 _____ (Microsoft Corporation) F2D58A2E27C2CD486F8F0A123A3F34C3

C:\Windows\SysWOW64\explorer.exe
[2017-03-14 16:15] - [2017-03-03 22:46] - 4312248 _____ (Microsoft Corporation) 805E293E2A440F7464B10D58988818F2

C:\Windows\System32\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0044496 _____ (Microsoft Corporation) 36F670D89040709013F6A460176767EC

C:\Windows\SysWOW64\svchost.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0038792 _____ (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B

C:\Windows\System32\services.exe
[2016-12-14 13:35] - [2016-11-11 01:51] - 0454592 _____ (Microsoft Corporation) 3C69CC28665854F1AAB4B4005005FA31

C:\Windows\System32\User32.dll
[2016-12-14 13:34] - [2016-12-09 02:10] - 1461200 _____ (Microsoft Corporation) C46EA86BF0E7C96235E9064CBAD6ED26

C:\Windows\SysWOW64\User32.dll
[2016-12-14 13:34] - [2016-12-09 01:52] - 1435896 _____ (Microsoft Corporation) 4BEC594A3D4AEAFAC400D88F7E328C7B

C:\Windows\System32\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69

C:\Windows\SysWOW64\userinit.exe
[2016-07-16 03:42] - [2016-07-16 03:42] - 0027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B

C:\Windows\System32\rpcss.dll
[2016-07-16 03:42] - [2016-07-16 03:42] - 0888320 _____ (Microsoft Corporation) 7BD259FC59CF9C2AE1B979564B374CC6

C:\Windows\System32\dnsapi.dll
[2017-03-14 16:12] - [2017-03-03 23:24] - 0646688 _____ (Microsoft Corporation) 2813C62F5BE7FAF0A1C5CC37E5C2F25D

C:\Windows\SysWOW64\dnsapi.dll
[2017-03-14 16:14] - [2017-03-03 23:09] - 0497416 _____ (Microsoft Corporation) AA86DC342B4ED1C1F839C3BC8AEA64B1

C:\Windows\System32\Drivers\volsnap.sys
[2016-07-16 03:42] - [2016-07-16 03:42] - 0391520 _____ (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230


==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-04-07 17:17
Restore point date: 2017-04-08 20:27
Restore point date: 2017-04-10 09:56
Restore point date: 2017-04-14 16:48
Restore point date: 2017-04-16 07:33

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 8112.67 MB
Available physical RAM: 6832.84 MB
Total Virtual: 8112.67 MB
Available Virtual: 6920.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:900.98 GB) (Free:543.98 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Recovery) (Fixed) (Total:30.24 GB) (Free:0 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32
Drive h: () (Removable) (Total:0.05 GB) (Free:0.04 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 06A3DEBE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=901 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-04-16 06:47

==================== End of FRST.txt ============================

Link to post
Share on other sites

Unfortunately there is nothing in that log to help us, I was hoping the last entry "LastRegBack: 2017-04-16 o6:47" would have pre dated the start of your problems, as can be see from the date it does not..... Sigh..

I want to try SFC /Scannow offline command to check and replace as required system files.. Because we will be running offline I need to see which partitions are System Reserved and which is Windows. Do the following: (Unplug USB devices)

Boot your PC and let it go as far as it can, Now hold down the Shift key and re- boot your PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot" from the next window select "Advance Options" from  there select "Command Prompt"

At the command prompt type or copy/paste wmic logicaldisk get deviceid, volumename, description then tap enter.

The following information or similar should show:

Description          Device ID       Volume name

Local Fixed Disk      C:              System Reserved
Local Fixed Disk      D:              Windows
CD-Rom Disc           E:
Local Fixed Disk      F:               Boot

Tell me what you see on your PC in similar format......

Thank you,

Kevin...

 

 

 

 

 

 

Link to post
Share on other sites

This is what it came up with

 

Local Fixed Disk C:       SYSTEM

Local Fixed Disk D:     

Local Fixed Disk E:      Recovery

Local Fixed Disk F:      HP_TOOLS

CD-ROM Disc    G:

Local Fixed Disk X:     Boot

 

Thank you for your help.

Edited by Jwinebago382
Link to post
Share on other sites

Thanks for that information, Continue with the following:

Boot your PC and let it go as far as it can, Now hold down the Shift key and re- boot your PC. Windows should open to the "Choose an Option" window....

From that window select "Troubleshoot" from the next window select "Advance Options" from  there select "Command Prompt"

At the command prompt type or copy/paste sfc /scannow /offbootdir=C:\ /offwindir=C:\Windows then tap enter.


This may take awhile to complete, when done type exit tap enter..... Re-boot, see if windows boots normally...

Link to post
Share on other sites

Probably the best way forward is to factory reset your PC, backup any important data, pictures, videos, music etc. Your PC seems to be HP, I believe to access recovery manager tap on F11 key at boot will access recovery manager....

Let me know what you think...

Thank you,

Kevin...

Link to post
Share on other sites

Hi Kevin,

I bought an external drive to move my stuff to, it's on its way. My questions are, do you think I have a virus in my system? And could this virus move from my computer into the external drive? Does it depend on what i move to the external drive, or will the virus move to the external drive immediately upon connection? If the external drive gets infected, could a computer repair shop clean the drive?

 

Thank you for your help.

Link to post
Share on other sites

Use McShield to check your external drive before moving data back to your fresh install of windows... So you move all data to ext HD, wipe system HD and install Windows, install any extra software needed... Install McShield http://mcshield.net/ When ready connect ext hard drive, McShiied will automatically scan the ext HD....

When that finishes download and run Sophos AV, that will also check installed OS and scan ext HD, after that you should be good to go, move data back from ext HD...

A bit long winded but worthwhile....

Thank you,

Kevin....

Link to post
Share on other sites

Hi,

i tried F11 at startup, it never opened up. It always went right to the mormal start menu screen. Also when i would search "recovery manager" in the search tab in a profile, nothing would come up in my system. So i went to advanced startup from the main menu, and hit 'restart now.' I went to 'Reset This PC,' then 'Remove all files.' It asked if I wanted to clean the pc (for recycling) or remove all files, i removed all files. It asked if i wanted to reset and remove all extra drives, i said i want to. It is resetting currently, is bleepingcomputer safe to go to so i can check my hp with roguekiller in case the virus survived? Then check the external drive?

 

thank you!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.