TLJaguar Posted August 22, 2017 ID:1155771 Share Posted August 22, 2017 I get this error anytime I try to open Malwarebytes, or most other anti-malware programs, and my browser gets redirected. I tried installing malwarebytes anti root kit, but I get the same error when I attempt to install. I renamed the downloaded file and still continue to get the same error. Link to post Share on other sites More sharing options...
Valinorum Posted August 22, 2017 ID:1155797 Share Posted August 22, 2017 Hi , My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s): Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance. Please do not install any new software while we are working on this system as it may hinder our process. Malware removal is a complicated process and so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean. Please do not try to fix anything without being asked. Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise. Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from the internet and you will not always be able to access this thread. Back up your data. I will not knowingly suggest you any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system. If you are confused about any instruction, stop and ask. Do not keep on going. Do not repeat the steps if you face any problems. I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed. Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication. The fixes are for your system only. Please refrain from using these fixes on another system as it may do serious damage. Please, peruse the following thread and attach the logs.https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ Link to post Share on other sites More sharing options...
TLJaguar Posted August 22, 2017 Author ID:1155835 Share Posted August 22, 2017 I downloaded mbar-1.09.4.1001.exe and extracted it to my desktop as instructed, but MBAR did not automatically start, and when I manually tried to run mbar.exe I still receive the same error message. Link to post Share on other sites More sharing options...
Valinorum Posted August 22, 2017 ID:1155836 Share Posted August 22, 2017 Did this happen with the MBAR downloaded from the link I provided or your previous MBAR? Link to post Share on other sites More sharing options...
TLJaguar Posted August 22, 2017 Author ID:1155841 Share Posted August 22, 2017 yes this was the fresh link you provided Link to post Share on other sites More sharing options...
Valinorum Posted August 22, 2017 ID:1155844 Share Posted August 22, 2017 Hmm, we may have to use Recovery Mode. Do you have a pendrive? We will need it later. Step #1 Scan with Farbar Recovery Scan ToolPlease download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.Download link for 32 bit systemDownload link for 64 bit system Right-click on the program and choose Run as administrator; Put tick-mark on all boxes under Whitelist and Optional Scan; Click on Scan; After the scan two notepad files will be opened --FRST.txt; Addition.txt Copy and Paste the contents of the logs in your next reply. Link to post Share on other sites More sharing options...
TLJaguar Posted August 22, 2017 Author ID:1155845 Share Posted August 22, 2017 I am unable to run that either. Link to post Share on other sites More sharing options...
Valinorum Posted August 22, 2017 ID:1155846 Share Posted August 22, 2017 Can you try that in Safe Mode? Link to post Share on other sites More sharing options...
TLJaguar Posted August 22, 2017 Author ID:1155860 Share Posted August 22, 2017 i realized I had another AV program running that disabled this. I uninstalled that program, tried running MBAR again but no difference, and re-downloaded FRST. ran FRST and got this error for several files, then the scan ran, but did not leave any txt files. attempting in safemode now Link to post Share on other sites More sharing options...
TLJaguar Posted August 22, 2017 Author ID:1155863 Share Posted August 22, 2017 FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017 Ran by tljag (administrator) on DESKTOP-SSGMRCJ (22-08-2017 08:09:57) Running from C:\Users\tljag\Downloads Loaded Profiles: tljag (Available Profiles: tljag) Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\HelpPane.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corp.) C:\Users\tljag\Downloads\mbar-1.09.4.1001(1).exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\net.exe (Microsoft Corporation) C:\Windows\SysWOW64\net1.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [Acrobat Assistant 7.0] => C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-14] (Adobe Systems Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-06-10] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-01-20] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-01-20] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1278568 2017-05-10] (Carbonite, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKLM\...\RunOnce: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => C:\ProgramData\cisB710.exe [4784320 2017-07-11] (COMODO) HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, HKU\S-1-5-21-584086061-3025348732-3442670432-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-584086061-3025348732-3442670432-1002\...\RunOnce: [Application Restart #3] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2017-06-01] (The NWJS Community) HKU\S-1-5-21-584086061-3025348732-3442670432-1002\...\MountPoints2: {c3b57b30-5c17-11e7-96f3-082e5f2f81b6} - "G:\VZW_Software_upgrade_assistant.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk [2017-06-02] ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2017-06-01] ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2017-06-01] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2017-06-01] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.) GroupPolicyScripts: Restriction <==== ATTENTION GroupPolicyScripts-x32: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 Tcpip\..\Interfaces\{656f9970-b686-4aca-a844-8fc970515f4e}: [DhcpNameServer] 209.18.47.61 209.18.47.62 Internet Explorer: ================== HKU\S-1-5-21-584086061-3025348732-3442670432-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://rotary.vsgdover.com/ BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-26] (Oracle Corporation) BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-26] (Oracle Corporation) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated) Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2017-06-02] (Intuit, Inc.) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2017-03-18] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: znnyacvj.default FF ProfilePath: C:\Users\tljag\AppData\Roaming\Mozilla\Firefox\Profiles\znnyacvj.default [2017-08-22] FF Extension: (AdBlock) - C:\Users\tljag\AppData\Roaming\Mozilla\Firefox\Profiles\znnyacvj.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-07-27] FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-26] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-17] (Google Inc.) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\7300156.js [2017-08-20] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\7300156.cfg [2017-08-20] <==== ATTENTION Chrome: ======= CHR Profile: C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default [2017-08-21] CHR Extension: (Google Slides) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-17] CHR Extension: (Google Docs) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-17] CHR Extension: (Google Drive) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-17] CHR Extension: (YouTube) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-17] CHR Extension: (Google Sheets) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-17] CHR Extension: (Google Docs Offline) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-17] CHR Extension: (Gmail) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-17] CHR Extension: (Chrome Media Router) - C:\Users\tljag\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-17] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677880 2017-04-25] (SEIKO EPSON CORPORATION) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes) S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] S2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed] S2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed] S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed] S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation) S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.) S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-07-26] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation) S2 windowsmanagementservice; C:\Users\tljag\AppData\Local\qhneoz\lclhgr\ct.exe [535552 2017-08-08] () [File not signed] <==== ATTENTION ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110096 2016-04-18] (Advanced Micro Devices) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2017-01-16] (Samsung Electronics Co., Ltd.) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-08-20] (Malwarebytes) S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] () S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2017-01-16] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-08-22] (Zemana Ltd.) ========================== Drivers MD5 ======================= C:\Windows\System32\drivers\1394ohci.sys AAB860A5E606B9621E130D8C29D3F305 C:\Windows\System32\drivers\3ware.sys 4140B14929C555E9513D59A2EEB5C471 C:\Windows\System32\drivers\ACPI.sys D3DB4E3C096EFF74FB6E73E37CB66DD7 C:\Windows\System32\drivers\AcpiDev.sys 3E5E5DAE5CAEC0209C93D3AD8128D8A0 C:\Windows\System32\Drivers\acpiex.sys F72D7CC7E7A97A09757313F3B4C7E17A C:\Windows\System32\drivers\acpipagr.sys F04B6F53FBDB2B6B0451AE53DE19F0C9 C:\Windows\System32\drivers\acpipmi.sys C347A6095F3BE417D24F1E1349F4AF0F C:\Windows\System32\drivers\acpitime.sys 686BFFC47454DD2F58795C2EE891CA9F C:\Windows\System32\drivers\ADP80XX.SYS FBDA59118E59B3722248C66BAD89CAA9 C:\Windows\system32\drivers\afd.sys AC1928C2F7505BD556C552F153B062AB C:\Windows\System32\DRIVERS\ahcache.sys 1D914C996F2C3134E2344BB74F79BCF6 C:\Windows\System32\drivers\amdk8.sys 9C39FBA94FFEF04561D13ED0D1B50DD0 C:\Windows\system32\DRIVERS\atikmdag.sys F992CE57F4D2A2F988135A1F87337EBC C:\Windows\system32\DRIVERS\atikmpag.sys 17BA5C907E14947574CBB788F4CEB85F C:\Windows\System32\drivers\amdppm.sys 395D56FA2E22A10AE4774440D086F559 C:\Windows\System32\drivers\amdsata.sys EB729A9ADCB9F9C406B533F95E2F67D4 C:\Windows\System32\drivers\amdsbs.sys 3B5C5C696F33FE61F1922533B03B9316 C:\Windows\System32\drivers\amdxata.sys A7D45A303FF8A9493C96C4B804051E6E C:\Windows\System32\drivers\appid.sys 5180537517C27375B1F2CB37ED599FAF C:\Windows\System32\drivers\applockerfltr.sys EAF36A714E16A69B8B4ED7591CBA77B6 C:\Windows\system32\drivers\AppvStrm.sys 2D2DF2463FACFBF2FEE39DCCDF49D1B5 C:\Windows\system32\drivers\AppvVemgr.sys B86E646CE67FE9D75C0D762B19B465FC C:\Windows\system32\drivers\AppvVfs.sys 2207D2A001A3C30B825F191CD2A76C91 C:\Windows\System32\drivers\arcsas.sys 6E456A94B9BD7F6B4758729BCEDE40C3 C:\Windows\System32\drivers\asyncmac.sys 766F3A7E42AFCF74265FAC78987D1665 C:\Windows\System32\drivers\atapi.sys 01733BEEE02E51F712330D5909BD701C C:\Windows\system32\drivers\AtihdWT6.sys 76350B0D2EF7AE93CAEDE0C916ADFE1E C:\Windows\System32\drivers\bxvbda.sys 0914A5E66C0775CE11960452A6434FEC C:\Windows\System32\drivers\BasicDisplay.sys F8129321B1874D4386F7FEB754BC3380 C:\Windows\System32\drivers\BasicRender.sys E2BFD01BD0ECF2BDE9420022147952A4 C:\Windows\System32\drivers\bcmfn2.sys 739D089777D2B66DBE7201E5EA4BA2D7 C:\Windows\System32\Drivers\Beep.sys ED03D2ACE378C9EB8BB957ABBD85B951 C:\Windows\System32\DRIVERS\bowser.sys 2342B8619193B0D9FAC0D02C69DCE74A C:\Windows\System32\drivers\BthAvrcpTg.sys AF57F0B0E284BE06860A7B701341324D C:\Windows\System32\drivers\bthhfenum.sys 729CC10B1658178F0F009FE0E9159281 C:\Windows\System32\drivers\BthHFHid.sys 336A9C0254A0178ED50281B6EDF5B836 C:\Windows\System32\drivers\bthmodem.sys 5428242193611BF91DDBF4F58900A55A C:\Windows\System32\drivers\buttonconverter.sys 102CAA11BA89290D48FBFD2E04274BA0 C:\Windows\System32\drivers\CAD.sys 029434AC0A3935F9125ABBD08BF7C30B C:\Windows\System32\drivers\capimg.sys 307AE8BC9B45772DA02FB952A1D86C35 C:\Windows\System32\DRIVERS\cdfs.sys B6E5AD7C83A5254DEE9D86023C0E5A81 C:\Windows\System32\drivers\cdrom.sys ABE77AD954BC3D72F559CF0C381E50BC C:\Windows\System32\drivers\cht4sx64.sys 05EA22CFC40EDE05BF6E3BC782E5204C C:\Windows\System32\drivers\cht4vx64.sys 863E1C9F6750446DFB9EDCAEC3531367 C:\Windows\System32\drivers\circlass.sys 3E416539352B007AD0610BF34AC15D31 C:\Windows\System32\drivers\cldflt.sys 616E1ED94FA7F96D429D985FDB203D2E C:\Windows\System32\drivers\CLFS.sys 96C01F97576D2542FCBD28E13C8CC6A1 C:\Windows\System32\drivers\registry.sys 5118CFC33BBB51C7E3ED441B7085AD26 C:\Windows\System32\drivers\CmBatt.sys 232F3A3AC3A2FB32C5C46503A6517073 C:\Windows\System32\Drivers\cng.sys 3413CE81E02C091F33C4C3DD3071630F C:\Windows\System32\DRIVERS\cnghwassist.sys E1BFF774FF67CA951A5DFF0E104FB132 C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys DFDAEDB857BC18764F0D8ECDCC3C1499 C:\Windows\System32\drivers\condrv.sys 04532711732BE9DBC364E88E4A9EC18A C:\Windows\System32\drivers\csc.sys EFB2A77F0CD1B8A79899C1D37B01CA86 C:\Windows\System32\drivers\dam.sys F51953EC4B9AACD92A3B3CE66E05CEF4 C:\Windows\System32\Drivers\dfsc.sys 185A4519B7764F4DEF714D890A7A9FD2 C:\Windows\system32\DRIVERS\ssudbus.sys 9593475FBC857A05D93BFF4FA7323C2B C:\Windows\System32\drivers\disk.sys 1203EA16F36C5BEB2509FB7CC03DC178 C:\Windows\System32\drivers\dmvsc.sys 038B8B76284BC291EC75B005BB3EB13F C:\Windows\system32\DRIVERS\drmkaud.sys 3D934A1C02EB6979CF45C70A71F580EC C:\Windows\System32\drivers\dxgkrnl.sys F5DFB6D800946ADE35C71BE9928098A9 C:\Windows\System32\drivers\e1i63x64.sys 83E4A14F851341C933C3235BFB882ECA C:\Windows\System32\drivers\evbda.sys D64CD3AE93125EDA383190C2AF607E70 C:\Windows\System32\drivers\EhStorClass.sys FFBB37982E6D24AEC7A2E5459098EAC9 C:\Windows\System32\drivers\EhStorTcgDrv.sys ABF38D02E01D6ED87AE1DF65FC5DF62D C:\Windows\System32\drivers\errdev.sys B9A59B4AD516E38C39FA416398B96CCB C:\Windows\System32\Drivers\exfat.sys 9C4D88E8614487AD85A6F18A71A7298F C:\Windows\System32\Drivers\fastfat.sys C61014A176ECAAF97589E6FC979CE786 C:\Windows\System32\drivers\fdc.sys 853081957BA148F38FD8DE4390CFCF4A C:\Windows\System32\drivers\filecrypt.sys 27E764D6460504B7271AFECE7A59FB76 C:\Windows\System32\drivers\fileinfo.sys 3D6087F51110F3CC0DA89385354F8C5E C:\Windows\System32\drivers\filetrace.sys 057E95E53C38260C4EF49B3A077770CD C:\Windows\System32\drivers\flpydisk.sys 90B2983D8495C26345A1DC5F0C3BB07B C:\Windows\System32\drivers\fltmgr.sys A84261F75F490E45CFEDBA77EFE4F67E C:\Windows\System32\drivers\FsDepends.sys D2814848206DFC18EB8D3D069FAE703E C:\Windows\System32\Drivers\Fs_Rec.sys AE7EDF845F41ACA3B74567C3CE20E987 C:\Windows\System32\DRIVERS\fvevol.sys FF0699483185CE3B4E1144DF19AC5E97 C:\Windows\System32\drivers\vmgencounter.sys 4616F61E24B3AEA6E0E4EA7D69531EF4 C:\Windows\System32\drivers\genericusbfn.sys 23174BB6937459B924BB8EF667FB28EF C:\Windows\System32\Drivers\msgpioclx.sys 4B11CFBE1D9B73A9D865F6AB26F800BA C:\Windows\System32\drivers\gpuenergydrv.sys 3FC3FCF557D0BE3D724EA10642E1F6FF C:\Windows\system32\DRIVERS\HdAudio.sys BF14976E8223D334B21792FB8B74D7FF C:\Windows\System32\drivers\HDAudBus.sys DD1A6F4998E7E21564FA9BAFE21C87ED C:\Windows\System32\drivers\HidBatt.sys 9F90819E301C70A3A042FC05D3E41B5F C:\Windows\System32\drivers\hidbth.sys 3CA3244C45B25F3B3ED9445C195E40EB C:\Windows\System32\drivers\hidi2c.sys 55DAF856F9633DD2519BA4E942870F02 C:\Windows\System32\drivers\hidinterrupt.sys E34216A190D9BF8EAA666F6903BCD0EF C:\Windows\System32\drivers\hidir.sys 852DBB5185996AD8C73872A43A453729 C:\Windows\System32\drivers\hidusb.sys C1A608120DE0DF52E51B8BAF86AF19F9 C:\Windows\System32\drivers\HpSAMD.sys 8ADD9CA3E0F18CEA11EA6FAED794A228 C:\Windows\System32\drivers\HTTP.sys 2413454E305678EA9A486E8DE2E67849 C:\Windows\System32\drivers\hvservice.sys F60F8390B635156593F7493AE898AFB0 C:\Windows\System32\drivers\hwpolicy.sys 563F5FC3B46A70A91AB6C8822AC8BF25 C:\Windows\System32\drivers\hyperkbd.sys C082249BC3E972C8A132D9EC6AD9EAD5 C:\Windows\System32\drivers\i8042prt.sys C6C8315E3262FAE460529C6DA2951682 C:\Windows\System32\drivers\iagpio.sys C6B8743B213F06AA60943D8366FE968F C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys 42962355A7911407026E920E7252E3E5 C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys BD47B2FEABFA48C6224D43EE9EA9BC06 C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 2184CB3A65888F446FCD6DBA9F073F4C C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys 4126F8DA08CE7924A3AE6F7235F85D5F C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7 C:\Windows\System32\drivers\iaStorAV.sys D820075D3395BED28FC57AEF8FBA666F C:\Windows\System32\drivers\iaStorV.sys A243E0CE8644378C9A9D015ABC3EDA27 C:\Windows\System32\drivers\ibbus.sys E16E4FC9F250E48CB2CAD93E59D010E2 C:\Windows\System32\drivers\IndirectKmd.sys 0E33BC018502E7FDE77C343055D9C626 C:\Windows\System32\drivers\intelide.sys 4B7F8A1AAC7172DB6918A0E10E1D78A3 C:\Windows\System32\drivers\intelpep.sys 0A3DBE89C965FFB7C0D0E38834E77B90 C:\Windows\System32\drivers\intelppm.sys 64EC687A811DC4F69DF3816F073352AA C:\Windows\System32\drivers\iorate.sys 549C278119FF539C3B219C55B98B0E87 C:\Windows\System32\DRIVERS\ipfltdrv.sys A0F9F2E87F0C751FE164D90EB44A9B63 C:\Windows\System32\drivers\IPMIDrv.sys 656DDB34996A96539BA6E2843B5F2A77 C:\Windows\System32\drivers\ipnat.sys DCC05E5EAA580C97F13B434FAFACED85 C:\Windows\system32\drivers\irda.sys 9035C10C7EB8CF7C87CEA82A62EBB43A C:\Windows\System32\drivers\irenum.sys E7FD479E3298F3C8852A0D2F092BDB35 C:\Windows\System32\drivers\isapnp.sys 7FE3B3A30FA20F27AF7022A01C2266BA C:\Windows\System32\drivers\msiscsi.sys D492648D96A14BA639B76D177B24CD82 C:\Windows\System32\drivers\kbdclass.sys D36B404BF979297C6572AEF98B2594F2 C:\Windows\System32\drivers\kbdhid.sys 7E2036A846789D6D6A2EE21915017EE1 C:\Windows\System32\drivers\kdnic.sys 4C054B8E901F41F5743DADE8A29FF256 C:\Windows\System32\Drivers\ksecdd.sys BA7A5838866618A4E82FBC05B8923605 C:\Windows\System32\Drivers\ksecpkg.sys 6629CAA1F157088B9EDD1EAD24C6D753 C:\Windows\system32\drivers\ksthunk.sys 9778205F28DC4F2EFFCC146647FE5CF0 C:\Windows\System32\drivers\lltdio.sys FC37745959DFA4871759E4DCC836227A C:\Windows\System32\drivers\lsi_sas.sys 16C9D4D822CCA795A72DC88B25A577CC C:\Windows\System32\drivers\lsi_sas2i.sys 920F0CFCED5F28A31B79F1C470649D11 C:\Windows\System32\drivers\lsi_sas3i.sys 0FE63316F1C70A0F759A449FAC64C24B C:\Windows\System32\drivers\lsi_sss.sys 80E82C46B27A923A3744531069B63857 C:\Windows\system32\drivers\luafv.sys 88F5570C04766EE561FF129B2F93030C C:\Windows\System32\drivers\mausbhost.sys C3EED732789052C98A2613A7E1C37CDA C:\Windows\System32\drivers\mausbip.sys 4DCE65116A28488593FF5A6A18B03DB0 C:\Windows\System32\drivers\MBAMSwissArmy.sys C3549BE8C1FE4ECBEE21DAD3378F6CD0 C:\Windows\System32\drivers\megasas.sys 0609BF877A2F4DEECC62EEE220AB6242 C:\Windows\System32\drivers\MegaSas2i.sys EEC64C8D498D121607C7615FDFBEE4D0 C:\Windows\System32\drivers\megasr.sys 2B7D3B206833D769218A1F4BE2D73B97 C:\Windows\System32\drivers\TeeDriverW8x64.sys 6D1671CB2E5402F01D2F13ECF764CAA1 C:\Windows\System32\drivers\mlx4_bus.sys 89257B8D3826B5629CF7F73F97DA44F9 C:\Windows\system32\drivers\mmcss.sys 9AE3C0CC0865B1618A3C97744A6A9E9B C:\Windows\System32\drivers\modem.sys 0CD29540C32C2E2E0E3D7E9832752AF3 C:\Windows\System32\drivers\monitor.sys 534477FCAFDFCA6B841BFA06BD26BCC5 C:\Windows\System32\drivers\mouclass.sys F5D4E18A70BA069D479154442CDEB60D C:\Windows\System32\drivers\mouhid.sys 5C09868963B0C076AC3BC7759A46B7B1 C:\Windows\System32\drivers\mountmgr.sys 8BF7039787036529B98E50AE86A0E46B C:\Windows\System32\drivers\mpsdrv.sys AD118EC95E9EF4D5223D681D8F183567 C:\Windows\system32\drivers\mrxdav.sys D14C297933C82B8CB0B5CBBA4DDC830B C:\Windows\System32\DRIVERS\mrxsmb.sys F2AD1B72C5A6475FB5FF332E1980DF88 C:\Windows\System32\DRIVERS\mrxsmb10.sys 469DD958B1D8CB09E38BE2298B8C398D C:\Windows\System32\DRIVERS\mrxsmb20.sys 1FC4802B593494746B6FE3BDAC25E371 C:\Windows\System32\drivers\bridge.sys BD12E1941A87671A767447B02C6A51A1 C:\Windows\System32\Drivers\Msfs.sys 92C00BD9616F353CA59A755C33269757 C:\Windows\System32\drivers\msgpiowin32.sys F27EC8F7A0A779276E5DA2E70C2B01EE C:\Windows\System32\drivers\mshidkmdf.sys CBA955A54C9446CAAD28C76789D3B071 C:\Windows\System32\drivers\mshidumdf.sys E8E568EF60677E4534F387C53EE1B35F C:\Windows\System32\drivers\msisadrv.sys 16376B7B0730C04DD1A2C0CC8E09E420 C:\Windows\system32\DRIVERS\MSKSSRV.sys B26E1C10C8323D2B6ADAF504CD487757 C:\Windows\System32\drivers\mslldp.sys E40B960078A15D4901265D32E071C42D C:\Windows\system32\DRIVERS\MSPCLOCK.sys B4860AB91DC4E73936F0FF504D6B4B07 C:\Windows\system32\DRIVERS\MSPQM.sys 8EDC45C3F7F64A51C98B59E24648F74B C:\Windows\System32\Drivers\MsRPC.sys 7DA5FAC2A49D30CA5B7B96B8B26281AC C:\Windows\System32\drivers\mssecflt.sys 4369BBFCDDCCE61856DD862C8E5C4E19 C:\Windows\System32\drivers\mssmbios.sys 7E3365C8BC83DCE88D6226BB5C7170C4 C:\Windows\system32\DRIVERS\MSTEE.sys 09D51564E49181E9928910D6B91C920E C:\Windows\System32\drivers\MTConfig.sys 793AE56A3946EAD5F906C28D294FEFE6 C:\Windows\System32\Drivers\mup.sys E35F51C7474A26680627477462715206 C:\Windows\System32\drivers\mvumis.sys 74BD1149BF50F1E24934042A3BD17C90 C:\Windows\System32\DRIVERS\nwifi.sys 39C772E20B8C61858F969E4D60699D89 C:\Windows\System32\drivers\ndfltr.sys 0FFE8AF1B94C5FD54E6ACC6DAE990D31 C:\Windows\System32\drivers\ndis.sys E27876B335FEB441DA511030AA85624D C:\Windows\System32\drivers\ndiscap.sys 4EA73CFDEE4A628D387D95464A131F29 C:\Windows\System32\drivers\NdisImPlatform.sys EB127689AF6F24091AB73538A556257F C:\Windows\System32\DRIVERS\ndistapi.sys 73B4C72FB6170A08C64BDA92DE93ECF7 C:\Windows\System32\drivers\ndisuio.sys 6704F27EB15A5B30AA7FA5A4F4D1FD47 C:\Windows\System32\drivers\NdisVirtualBus.sys FE87CCAA89433FC306A80F15E848F4B2 C:\Windows\System32\drivers\ndiswan.sys 94517BC9F29A1B73D377F1BF1C3DCA34 C:\Windows\System32\DRIVERS\ndiswan.sys 94517BC9F29A1B73D377F1BF1C3DCA34 C:\Windows\System32\DRIVERS\NDProxy.sys AC6AC99075732F5C29DB0004DD5B1AC6 C:\Windows\System32\drivers\Ndu.sys 9AC090451D92E6081EB89CDA83D74189 C:\Windows\System32\drivers\NetAdapterCx.sys A115DDB2C7805C41EEC9A5276FF5764E C:\Windows\System32\drivers\netbios.sys F420B6CAB5151A38E4DBBFFB500C11DA C:\Windows\System32\DRIVERS\netbt.sys 30C2F67EC84EB11B22011620107E0325 C:\Windows\System32\drivers\netvsc.sys 8C03F2F5A9E93AEB08B3AEE51552394A C:\Windows\System32\Drivers\Npfs.sys 6D8F6A9C53CFB0C49E8251A442B7283F C:\Windows\System32\drivers\npsvctrig.sys BABF7E1757D6908941C9F9CBD66A5EF0 C:\Windows\System32\drivers\nsiproxy.sys 7A6BA778B48DF9FB7AC231D4FF6E3248 C:\Windows\System32\Drivers\NTFS.sys 731FD52461C8107E5B19B9AEDBB82BFB C:\Windows\System32\Drivers\Null.sys 4FFB2D5655D10700D5B8E205C4DB86BD C:\Windows\System32\drivers\nvdimmn.sys 99EB6376EC2C03CE5F668577651E3454 C:\Windows\System32\drivers\nvraid.sys 3DB2E9E207358BFBD09B77B5119ECA5B C:\Windows\System32\drivers\nvstor.sys 4C04BFBD4DB2EECCC47F5FA39D65BB6E C:\Windows\System32\drivers\parport.sys 2CC6C325B271C7CA60F374F8F868CB45 C:\Windows\System32\drivers\partmgr.sys 664B7DDEE982ADF5EAB480C75B9F6218 C:\Windows\System32\drivers\pci.sys C5B74C6D87E77BC64DEBD1BF57DEB375 C:\Windows\System32\drivers\pciide.sys CFB85CB7A6F6926EA0EB96EDFB3C8A91 C:\Windows\System32\drivers\pcmcia.sys 13B7D84B397A90E82682C47A15C3A98D C:\Windows\System32\drivers\pcw.sys 76EA512FD9D4673CF7A57775EE8922E2 C:\Windows\System32\drivers\pdc.sys 4A88D29869609A39782EF53145E6F7CA C:\Windows\System32\drivers\peauth.sys 4F190BA3C9BD2F0277BCBF480F396091 C:\Windows\System32\drivers\percsas2i.sys FE52FF97A094609429FEF098EDC6FB08 C:\Windows\System32\drivers\percsas3i.sys FCA143274792F12383C35902E801E83A C:\Windows\System32\drivers\pmem.sys 414CA4DCC31D795882B25ADC1DACE779 C:\Windows\System32\drivers\raspptp.sys D292D7FADCEE481CC64A9DE8FE9C3347 C:\Windows\System32\drivers\processr.sys D57CF871B3977731A91FE9611A54C7C1 C:\Windows\System32\drivers\pacer.sys B60431D2A046AD97F8427F6E568370F5 C:\Windows\system32\drivers\qwavedrv.sys A2B0F46FBA2521E7E732BDBDB1238515 C:\Windows\System32\DRIVERS\rasacd.sys EA9EB06EFC325CD2ACF5DF2F26A4894E C:\Windows\System32\drivers\AgileVpn.sys 4E9379389D0A851DD19D130C8FAEFBD0 C:\Windows\System32\drivers\rasl2tp.sys 5279EC98F6218D29EADDFECCC0D80E9A C:\Windows\System32\DRIVERS\raspppoe.sys D7FF75ED7A48FD60A573C9E959CF4DB5 C:\Windows\System32\drivers\rassstp.sys 6A4E45A7F17FA0B4B1B48C550E311944 C:\Windows\System32\DRIVERS\rdbss.sys F2C575A9657F7B2E027C6CE7BC8F1A2D C:\Windows\System32\drivers\rdpbus.sys 9414B22E093243636D362BF8C8C12A67 C:\Windows\System32\drivers\rdpdr.sys 53A01D3FDB701AC5D9DDE4140227E3D9 C:\Windows\System32\drivers\rdpvideominiport.sys DF32ED51DC0C3F6F3B1C4CEF71B8B426 C:\Windows\System32\drivers\rdyboost.sys 2369A5B651308E0C3458143976E9B03B C:\Windows\System32\Drivers\ReFS.sys 3581FB9529035F8EC6DB681664CA70B1 C:\Windows\System32\Drivers\ReFSv1.sys 79E1ADE19D8B7C56EF29D098EAF57AD0 C:\Windows\System32\drivers\rspndr.sys E87EECED9287C275B6CF30EB598B1D77 C:\Windows\System32\drivers\vms3cap.sys 6308366D3CDEA5F427CFF4BCF0081B4E C:\Windows\System32\drivers\sbp2port.sys 33B2DC5C2F19DA89F862484E23D9833D C:\Windows\System32\DRIVERS\scfilter.sys 5CFEEFCC6FAD1FD09ACCFBD652DDD85B C:\Windows\System32\drivers\scmbus.sys 5C8620FAC0E3C1658C8EF7AD7BB7EA5F C:\Windows\System32\drivers\sdbus.sys 71A494A502F24465317E88E80F6C0C2C C:\Windows\System32\drivers\SDFRd.sys 464B615872981015AC4FEEBDEA83A063 C:\Windows\System32\drivers\sdstor.sys 6BC219F1D9CDE08CEB9084ADB41FBA01 C:\Windows\System32\drivers\SerCx.sys 585329F62195A4B7AAD0A95F6EC89751 C:\Windows\System32\drivers\SerCx2.sys C8F4FDA8B3D039D7947344614FF5BFB2 C:\Windows\System32\drivers\serenum.sys E5B450E4E0DC1591254BF9CCF6C57B40 C:\Windows\System32\drivers\serial.sys 628D8DD136F92316BFEB58FA005338B7 C:\Windows\System32\drivers\sermouse.sys E5BA0B7353ADC5C95AB466D2E4DC89B1 C:\Windows\System32\drivers\sfloppy.sys 15CFCC4692DA8887B977CE5FC5181084 C:\Windows\System32\drivers\SiSRaid2.sys 2339F6B45E1D863B1D327F3AFD75A675 C:\Windows\System32\drivers\sisraid4.sys F520D50AD7266ED31D25DF4C8EA6BC2D C:\Windows\System32\drivers\spaceport.sys 2334ED0B61CAE7E7B1B454674206CDAC C:\Windows\System32\drivers\SpatialGraphFilter.sys F3F0B8CAC1F3E6C3382EAFCE762475AD C:\Windows\System32\drivers\SpbCx.sys 83E82B0E292DCDE4C75B9241BF0FB300 C:\Windows\System32\DRIVERS\srv.sys 36EAC4FE629FC036632F13EC14788FD1 C:\Windows\System32\DRIVERS\srv2.sys A84B05C7C2A233497BE1D518A662C326 C:\Windows\System32\DRIVERS\srvnet.sys 0351B28EEDFBD6C8CC69A7224A098CFA C:\Windows\system32\DRIVERS\ssudmdm.sys 592FF34A2FD6C6351B8A3AA76B2C0A9E C:\Windows\System32\drivers\stexstor.sys D40C589F80EB1C511263D0547C0259AE C:\Windows\System32\drivers\storahci.sys 576A818562069B1E091CC719C143AED2 C:\Windows\System32\drivers\vmstorfl.sys E5F703788DFA05411F1469E96838F438 C:\Windows\System32\drivers\stornvme.sys 0D0128244FF55EAD3F878D3FE542DBA5 C:\Windows\System32\drivers\storqosflt.sys 3A62FF78619258E6126C5C4B4CC82C8E C:\Windows\System32\drivers\storufs.sys C6097966F8EA3B288070CDF7C3C8C3E8 C:\Windows\System32\drivers\storvsc.sys 3DC3B17E92DA02E36B4138733DF6C1AC C:\Windows\System32\drivers\swenum.sys 2BC4D0EBC2467FE90302AE0AFAF23768 C:\Windows\System32\drivers\Synth3dVsc.sys 572F81CF08972D53BAFFC2A110A2A586 C:\Windows\System32\drivers\tap0901.sys 134B275751051C5D03F9ACCDC4F8CAAB C:\Windows\System32\drivers\tcpip.sys D8D7A91B56DEF4A771A4414E9F07D138 C:\Windows\System32\drivers\tcpip.sys D8D7A91B56DEF4A771A4414E9F07D138 C:\Windows\System32\drivers\tcpipreg.sys 1C35A5C62D110346379C55E39A3D547C C:\Windows\system32\DRIVERS\tdx.sys 892AB2637603A5E9507C39E61101C3C3 C:\Windows\System32\drivers\terminpt.sys 96A35CDBA661D41C5A3914257CA1D200 C:\Windows\System32\drivers\tpm.sys F76A92975340DAA99939DA297D677EA8 C:\Windows\System32\drivers\tsusbflt.sys 9856BCCD1CD5DE4D17E8DBBA7CEFC688 C:\Windows\System32\drivers\TsUsbGD.sys 837AD2B941E721BCCEB7EF137E2DEE18 C:\Windows\System32\drivers\tsusbhub.sys 5DED9E34D133F4A363652CDB595D83F3 C:\Windows\System32\drivers\tunnel.sys B3142C6118703E98EB0510CF7B43D0F2 C:\Windows\System32\drivers\uaspstor.sys B4C846ABD462558D45CA578C855759C3 C:\Windows\System32\Drivers\UcmCx.sys 5C2C0296D9EE7DC92A3F14642FBE656D C:\Windows\System32\Drivers\UcmTcpciCx.sys 8BB64E04CD97AD8C68543181D93E2AFC C:\Windows\System32\drivers\UcmUcsi.sys 5A7CE114C8DA9060F32633F81A5625E5 C:\Windows\System32\drivers\ucx01000.sys 5D4EAF3D0911338CB8FDB088386D6DCA C:\Windows\System32\drivers\udecx.sys 384E1F0D84B465820416338E52FE7C2B C:\Windows\System32\DRIVERS\udfs.sys C82BE75239D412057C9E3DB1785680C6 C:\Windows\System32\drivers\UEFI.sys CCDF6EFF952BF3BF34DC17600F479397 C:\Windows\system32\drivers\UevAgentDriver.sys 244A80A1A881E2B9303A0364AAB33F16 C:\Windows\System32\drivers\ufx01000.sys 00BEF71C45FD6B06E7525E7B31EFA88C C:\Windows\System32\drivers\UfxChipidea.sys 9450AB15C30CF7D1F23C8A42E778C3A2 C:\Windows\System32\drivers\ufxsynopsys.sys CEE12C7A689BDF448715024A7E0EB9C3 C:\Windows\System32\drivers\umbus.sys F39ED750EDF5948FA8CD99D1F4EC9372 C:\Windows\System32\drivers\umpass.sys 55984D4E64C2F8E4223542CBCC15EDEB C:\Windows\System32\drivers\urschipidea.sys 4D23214CB8B1C36B82061280EB8FDAB3 C:\Windows\System32\drivers\urscx01000.sys 4329D880DB96B504F0DDC991A7374CCD C:\Windows\System32\drivers\urssynopsys.sys 93FAD0AC5879F274FA248A49E3F3EA33 C:\Windows\System32\drivers\usbccgp.sys 6B09AA6A04C8261E787B6523229E7159 C:\Windows\System32\drivers\usbcir.sys ECE3AD18B4C22ED0C4AB1A2AD9AC32C8 C:\Windows\System32\drivers\usbehci.sys F8BCB536866474C6D8008F4C69B778A1 C:\Windows\System32\drivers\usbhub.sys 1F723DA014062DBF3288B408A7611845 C:\Windows\System32\drivers\UsbHub3.sys C3F953D10C486D6A190AF548B3CF7DC9 C:\Windows\System32\drivers\usbohci.sys BE6ED98FD0D3FE5FB11762AD7CCD6C96 C:\Windows\System32\drivers\usbprint.sys CEE43CD5357DB8786CE6E2C430841AE4 C:\Windows\system32\DRIVERS\usbscan.sys 96B48485A7CC2C0A63C196A16403C5F3 C:\Windows\System32\drivers\usbser.sys 99F0738B320B7A8D11351A32F68AA5F1 C:\Windows\System32\drivers\USBSTOR.SYS 67E26F56CF7EACCBD9C9F75343A3D7C2 C:\Windows\System32\drivers\usbuhci.sys 7BA802C9F73A84B75BB22538ADA495BE C:\Windows\System32\drivers\USBXHCI.SYS 50E70B3A95138AA4A30B095270EE0DE6 C:\Windows\System32\drivers\vdrvroot.sys C1EC9211C7759D2487FD30934AA3EE96 C:\Windows\System32\drivers\VerifierExt.sys C83F3BC00651448DB127D497CF955089 C:\Windows\System32\drivers\vhdmp.sys 0E12F5F6B1C813D17AFDA197C4394423 C:\Windows\System32\drivers\vhf.sys 1AD096A5C00E522398D0092D875A8CB6 C:\Windows\System32\drivers\vmbus.sys EE9A22CFD9AEDD7B52F98B0272494609 C:\Windows\System32\drivers\VMBusHID.sys BFBD0895926FD98A03AD6BB845B569B7 C:\Windows\System32\drivers\vmgid.sys C123C97D351C56C75FE5335AB18255EE C:\Windows\System32\drivers\volmgr.sys 0AB9C264F13E2A070A8CF10EDD099ED2 C:\Windows\System32\drivers\volmgrx.sys 6EE608257C1137A25B402EF8FC77E83A C:\Windows\System32\drivers\volsnap.sys E3429DBBEA3965BB96E24B16EF4A2551 C:\Windows\System32\drivers\volume.sys 86E790B503C771E674C7DF8FFCBFEFDB C:\Windows\System32\drivers\vpci.sys B25589A0892E6DF8CC07E5CB48BFC954 C:\Windows\System32\drivers\vsmraid.sys AA4466A47D2CA7ECE3DCF5256017DCC3 C:\Windows\System32\drivers\vstxraid.sys 98BB6C9AD39D8F2E883093F28282FAEC C:\Windows\System32\drivers\vwifibus.sys B47026E109828102266CBE2F5F9AD113 C:\Windows\System32\drivers\vwififlt.sys 799ECD541A9B2764B36A22A095885365 C:\Windows\System32\drivers\wacompen.sys F0F477541F7AF67CC05DA1CF4921A500 C:\Windows\System32\DRIVERS\wanarp.sys FDD16EF9177A8A2EF08A7FA3D3EFAA13 C:\Windows\System32\DRIVERS\wanarp.sys FDD16EF9177A8A2EF08A7FA3D3EFAA13 C:\Windows\system32\drivers\wcifs.sys 2B7CCCFBB166100842D31440228588CF C:\Windows\system32\drivers\wcnfs.sys 1737BEF60CA384423CE4B32AF1C2BFFC C:\Windows\system32\drivers\WdBoot.sys 38130C1C5FE0E08820EE57E1B087B659 C:\Windows\System32\drivers\Wdf01000.sys 0C6CBF3490EE5F0D62B5820568CA30B8 C:\Windows\system32\drivers\WdFilter.sys F7B6CB0F9ECD28848E2BDACEAB0D9204 C:\Windows\System32\DRIVERS\wdiwifi.sys 2974422E31DBC953A585A065EF736948 C:\Windows\system32\DRIVERS\usb2ser.sys 8542EAE47D35CB658614C1813C7599A2 C:\Windows\System32\Drivers\WdNisDrv.sys 82A4F22C884B4BAE8B531640859F9871 C:\Windows\System32\drivers\wfplwfs.sys 3C8F0ABD00E197101DCF43FEF8FB0D76 C:\Windows\System32\drivers\wimmount.sys 75014BF6510D4C6C69EEE5B7743A52AF C:\Windows\System32\drivers\WindowsTrustedRT.sys C8EBCFED8FD2CDF725E44AF93016621E C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys D318557F9D7CA3836104F0B8ECB1F32E C:\Windows\System32\drivers\winmad.sys 31DDF1D001336B2DCE7DF24E99EF1D04 C:\Windows\System32\drivers\winnat.sys 2E1A614EFB0523E20860AE7978DDA0A4 C:\Windows\System32\drivers\WinUSB.SYS 03858B18BB6DF6A400D9FC5153FD28A8 C:\Windows\System32\drivers\winverbs.sys 0BF4A43CF1F3A4D50AFA4561C3B4628D C:\Windows\System32\drivers\wmiacpi.sys 0D6E1347A891607759340B1E55BA2A77 C:\Windows\System32\Drivers\Wof.sys 1AE1076034392218EE89D2744EC2A071 C:\Windows\System32\drivers\WpdUpFltr.sys 1FD80CBB192A20375F3664639DEB57B5 C:\Windows\system32\drivers\ws2ifsl.sys DAF4451760B46CB383D287C4FAFFE97D C:\Windows\System32\drivers\WudfPf.sys 455609BF60DA3B57EEAB863DEFCCF14D C:\Windows\System32\drivers\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9 C:\Windows\system32\DRIVERS\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9 C:\Windows\system32\DRIVERS\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9 C:\Windows\System32\drivers\xboxgip.sys B10655A4C2EFDC25483D670EF52A4854 C:\Windows\System32\drivers\xinputhid.sys 2E50A379A8E4F6C5D85E87C26C08D329 C:\Windows\System32\drivers\zamguard64.sys 21E13F2CB269DEFEAE5E1D09887D47BB ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Three Months Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-22 08:09 - 2017-08-22 08:10 - 000037494 _____ C:\Users\tljag\Downloads\FRST.txt 2017-08-22 08:09 - 2017-08-22 08:09 - 002395648 _____ (Farbar) C:\Users\tljag\Downloads\FRST64.exe 2017-08-22 08:09 - 2017-08-22 08:09 - 000000000 ____D C:\FRST 2017-08-22 08:08 - 2017-08-22 08:08 - 000000000 ____D C:\Users\tljag\Desktop\mbar 2017-08-22 07:57 - 2017-08-22 07:57 - 016564750 _____ (Malwarebytes Corp.) C:\Users\tljag\Downloads\mbar-1.09.4.1001(1).exe 2017-08-22 07:41 - 2017-08-22 07:41 - 000000000 _____ C:\Windows\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2017-08-22 07:41 - 2017-07-11 12:41 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll 2017-08-22 07:41 - 2017-07-11 12:36 - 004784320 _____ (COMODO) C:\ProgramData\cisB710.exe 2017-08-22 07:40 - 2015-06-16 10:41 - 000042624 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PsBoot.sys 2017-08-22 07:22 - 2017-08-22 07:22 - 000000000 ___HD C:\VTRoot 2017-08-22 06:40 - 2017-08-22 06:41 - 016564750 _____ (Malwarebytes Corp.) C:\Users\tljag\Downloads\mbar-1.09.4.1001.exe 2017-08-22 05:36 - 2017-08-22 08:05 - 000073876 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-08-22 05:36 - 2017-08-22 07:35 - 000075554 _____ C:\Windows\ZAM.krnl.trace 2017-08-22 05:36 - 2017-08-22 05:36 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2017-08-21 22:36 - 2017-08-22 07:36 - 000000000 ____D C:\Users\tljag\AppData\Local\Zemana 2017-08-21 20:52 - 2017-08-21 20:53 - 000404244 _____ C:\Windows\Minidump\082117-27703-01.dmp 2017-08-21 20:52 - 2017-08-21 20:52 - 1865450566 _____ C:\Windows\MEMORY.DMP 2017-08-21 20:52 - 2017-08-21 20:52 - 000000000 ____D C:\Windows\Minidump 2017-08-21 20:47 - 2017-08-21 20:47 - 000000000 ____D C:\Users\tljag\AppData\Local\CrashDumps 2017-08-21 17:00 - 2017-08-21 16:34 - 000380928 _____ C:\Users\tljag\Desktop\yxm9r0dv.exe 2017-08-21 17:00 - 2017-08-21 16:33 - 174079424 _____ (Sophos Limited) C:\Users\tljag\Desktop\Sophos Virus Removal Tool.exe 2017-08-21 16:04 - 2017-08-22 07:38 - 000000000 ____D C:\Program Files\Reimage 2017-08-21 16:04 - 2017-08-21 16:05 - 000000000 ____D C:\rei 2017-08-21 16:04 - 2017-08-21 16:04 - 000001984 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk 2017-08-21 16:04 - 2017-08-21 16:04 - 000000344 _____ C:\Windows\Tasks\ReimageUpdater.job 2017-08-21 16:04 - 2017-08-21 16:04 - 000000000 ____D C:\ProgramData\Reimage Protector 2017-08-21 16:02 - 2017-08-22 08:06 - 000081696 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys 2017-08-21 15:52 - 2017-08-21 16:05 - 000000140 _____ C:\Windows\Reimage.ini 2017-08-21 13:39 - 2017-08-22 08:07 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2017-08-21 13:29 - 2017-08-22 07:47 - 000000000 ____D C:\Windows\pss 2017-08-21 13:12 - 2017-08-22 08:05 - 000042798 _____ C:\Windows\system32\Drivers\fvstore.dat 2017-08-21 09:04 - 2017-08-21 22:30 - 000002094 _____ C:\Users\tljag\Desktop\Rkill.txt 2017-08-21 08:54 - 2017-08-22 07:50 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Panda Security 2017-08-21 08:49 - 2017-08-22 07:51 - 000000000 ____D C:\ProgramData\Panda Security 2017-08-21 08:41 - 2017-08-22 08:05 - 001474832 _____ C:\Windows\system32\Drivers\sfi.dat 2017-08-21 08:41 - 2017-08-21 08:41 - 000000000 ____D C:\Windows\System32\Tasks\COMODO 2017-08-21 08:40 - 2017-08-21 08:40 - 000000000 ____D C:\Program Files\COMODO 2017-08-21 08:38 - 2017-08-21 08:38 - 000000000 ____D C:\ProgramData\Shared Space 2017-08-21 08:38 - 2017-08-21 08:38 - 000000000 ____D C:\ProgramData\Comodo Downloader 2017-08-21 08:38 - 2017-08-21 08:38 - 000000000 ____D C:\ProgramData\Comodo 2017-08-21 07:58 - 2017-08-21 07:58 - 000000000 _____ C:\autoexec.bat 2017-08-21 07:46 - 2017-08-21 07:47 - 016563352 _____ (Malwarebytes Corp.) C:\Users\tljag\Desktop\mbar-1.09.3.1001.exe 2017-08-21 07:39 - 2017-08-21 07:42 - 016563352 _____ (Malwarebytes Corp.) C:\Users\tljag\Desktop\tada.exe 2017-08-20 20:43 - 2017-08-21 13:09 - 000000000 ____D C:\Users\tljag\AppData\Local\llssoft 2017-08-20 20:43 - 2017-08-21 09:17 - 000000000 ____D C:\Users\tljag\AppData\Local\regtool 2017-08-20 20:43 - 2017-08-20 20:43 - 000000000 ____D C:\Users\tljag\AppData\Local\vgarvsl 2017-08-20 20:43 - 2017-08-20 20:43 - 000000000 ____D C:\Users\tljag\AppData\Local\CEF 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Windows\SysWOW64\vmanrty 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Windows\system32\vmanrty 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Users\tljag\AppData\Roaming\et 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Users\tljag\AppData\Local\qhneoz 2017-08-20 20:37 - 2017-08-20 21:11 - 000000000 ____D C:\Users\tljag\AppData\Roaming\AGData 2017-08-20 20:34 - 2017-08-20 20:43 - 000000000 ____D C:\Program Files (x86)\Windows Install Logic 2017-08-20 17:41 - 2017-08-20 17:41 - 000000000 ____D C:\ProgramData\RedFox 2017-08-20 17:41 - 2017-08-20 17:41 - 000000000 ____D C:\Program Files (x86)\RedFox 2017-08-20 17:18 - 2017-08-20 17:18 - 000000000 ____D C:\Users\tljag\AppData\Roaming\HandBrake Team 2017-08-20 17:07 - 2017-08-20 17:07 - 007178424 _____ (VS Revo Group ) C:\Users\tljag\Downloads\revosetup.exe 2017-08-20 17:07 - 2017-08-20 17:07 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2017-08-18 17:04 - 2017-08-18 17:04 - 003338249 _____ C:\Users\tljag\Downloads\2015-Senor-Tequila-Menu.pdf 2017-08-18 17:04 - 2017-08-18 17:04 - 003338249 _____ C:\Users\tljag\Downloads\2015-Senor-Tequila-Menu(1).pdf 2017-08-18 16:43 - 2017-08-18 16:43 - 000199391 _____ C:\Users\tljag\Downloads\report(11).pdf 2017-08-18 16:42 - 2017-08-18 16:42 - 000306551 _____ C:\Users\tljag\Downloads\report(10).pdf 2017-08-16 18:07 - 2017-08-16 18:07 - 000572577 _____ C:\Users\tljag\Downloads\Credit App New.pdf 2017-08-16 18:07 - 2017-08-16 18:07 - 000234791 _____ C:\Users\tljag\Downloads\US Credit Application 2017.pdf 2017-08-14 13:27 - 2017-08-14 13:27 - 000409875 _____ C:\Users\tljag\Documents\Green Tech Rotary Lift install Bid.pdf 2017-08-14 12:42 - 2017-08-14 12:42 - 000550171 _____ C:\Users\tljag\Downloads\32_F01_FIXTURE PLAN AND NOTES.pdf 2017-08-14 10:05 - 2017-08-14 10:05 - 035041122 _____ C:\Users\tljag\Downloads\Exide_Tradesheets_Edge-AGM_012117.pdf 2017-08-12 10:18 - 2017-08-12 10:18 - 001194458 _____ C:\Users\tljag\Documents\ticket 1314768.pdf 2017-08-12 10:09 - 2017-08-12 10:09 - 000384343 _____ C:\Users\tljag\Documents\img20170812_10093899.pdf 2017-08-12 10:07 - 2017-08-12 10:07 - 000001660 _____ C:\Users\tljag\Desktop\EndlessSky.exe - Shortcut.lnk 2017-08-12 10:05 - 2017-08-12 10:05 - 000398013 _____ C:\Users\tljag\Documents\15926.pdf 2017-08-11 22:32 - 2017-08-12 10:01 - 000407771 _____ C:\Users\tljag\Documents\est 122916.pdf 2017-08-11 21:38 - 2017-08-11 21:38 - 000359745 _____ C:\Users\tljag\Downloads\15924.pdf 2017-08-11 10:48 - 2017-08-11 10:48 - 000242108 _____ C:\Users\tljag\Downloads\report(9).pdf 2017-08-11 10:48 - 2017-08-11 10:48 - 000242058 _____ C:\Users\tljag\Downloads\report(8).pdf 2017-08-11 10:40 - 2017-08-11 10:40 - 001009942 _____ C:\Users\tljag\Downloads\PB5-9-2-3c(1).pdf 2017-08-10 20:25 - 2017-08-12 02:25 - 000000000 ____D C:\Users\tljag\AppData\Roaming\endless-sky 2017-08-10 20:25 - 2017-08-10 20:25 - 000000000 ____D C:\Users\tljag\AppData\Local\AMD 2017-08-10 20:22 - 2017-08-10 20:22 - 000000000 ____D C:\Users\tljag\Documents\endless-sky-win64-0.9.7 2017-08-10 19:35 - 2017-08-10 19:35 - 000198263 _____ C:\Users\tljag\Downloads\McFarlane, Jamie - [Privateer Tales 2] - Fool Me Once (2014, Fickle Dragon Publishing)(1).epub 2017-08-10 19:34 - 2017-08-10 19:34 - 000366871 _____ C:\Users\tljag\Downloads\McFarlane, Jamie - [Privateer Tales 1] - Rookie Privateer (2014, Fickle Dragon Publishing)(1).epub 2017-08-09 13:31 - 2017-08-09 13:31 - 000033114 _____ C:\Users\tljag\Downloads\Youth-Soccer-FAQ-002.pdf 2017-08-09 12:49 - 2017-05-10 13:08 - 000053760 _____ C:\Users\tljag\Desktop\Rotary Phone listing.xls 2017-08-09 09:07 - 2017-08-09 09:07 - 000613676 _____ C:\Users\tljag\Downloads\01306443.pdf 2017-08-09 09:07 - 2017-08-09 09:07 - 000613676 _____ C:\Users\tljag\Downloads\01306443(1).pdf 2017-08-08 19:30 - 2017-08-08 19:32 - 000000000 ____D C:\Users\tljag\Desktop\photos 2017-08-08 18:01 - 2017-08-08 18:01 - 000467469 _____ C:\Users\tljag\Downloads\55_S6_MISC DETAILS.PDF 2017-08-08 15:29 - 2017-08-08 15:29 - 000306664 _____ C:\Users\tljag\Downloads\report(6).pdf 2017-08-08 15:29 - 2017-08-08 15:29 - 000199391 _____ C:\Users\tljag\Downloads\report(7).pdf 2017-08-08 13:51 - 2017-08-08 13:51 - 000001948 _____ C:\Users\tljag\Downloads\2017-08-08_8817 fs.pdf 2017-08-08 13:43 - 2017-08-08 13:43 - 001962106 _____ C:\Users\tljag\Downloads\PB19-7a.pdf 2017-08-08 13:35 - 2017-08-08 13:35 - 000943862 _____ C:\Users\tljag\Downloads\pb2-5-6r.pdf 2017-08-08 13:33 - 2017-08-08 13:34 - 000846534 _____ C:\Users\tljag\Downloads\pb2-5-6m(1).pdf 2017-08-08 13:23 - 2017-08-08 13:23 - 001656534 _____ C:\Users\tljag\Downloads\report(5).pdf 2017-08-08 13:15 - 2017-08-08 13:15 - 002840726 _____ C:\Users\tljag\Downloads\pb5-12-5n.pdf 2017-08-08 10:59 - 2017-08-08 10:59 - 000430815 _____ C:\Users\tljag\Downloads\np698.pdf 2017-08-08 09:27 - 2017-08-08 09:27 - 000162925 _____ C:\Users\tljag\Downloads\billimageJul212017.pdf 2017-08-08 09:17 - 2017-08-08 09:17 - 000149053 _____ C:\Users\tljag\Downloads\ACFrOgBYu7jlXBuF1-JKaFpX2BWdIbvCZxlUgJlCJBGWqiG4Hxy0cF8ovmmE8MTY_q0Q2xYPxydwQEnZWfEE3Ryx4mnwXakhp7Oi5wSSTdEDSGHCmmPOYXkfWiatWuE=(1) 2017-08-08 09:14 - 2017-08-08 09:14 - 000149053 _____ C:\Users\tljag\Downloads\ACFrOgBYu7jlXBuF1-JKaFpX2BWdIbvCZxlUgJlCJBGWqiG4Hxy0cF8ovmmE8MTY_q0Q2xYPxydwQEnZWfEE3Ryx4mnwXakhp7Oi5wSSTdEDSGHCmmPOYXkfWiatWuE= 2017-08-07 12:48 - 2017-08-07 12:48 - 000301874 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder(7).pdf 2017-08-07 11:00 - 2017-08-07 11:00 - 000306824 _____ C:\Users\tljag\Downloads\report(4).pdf 2017-08-03 10:24 - 2017-08-03 10:25 - 000229764 _____ C:\Users\tljag\Documents\img20170803_10245428.pdf 2017-08-03 09:53 - 2017-08-03 09:53 - 000034276 _____ C:\Users\tljag\Downloads\ST8A.pdf 2017-08-03 09:52 - 2017-08-03 09:52 - 000160074 _____ C:\Users\tljag\Downloads\ST8.pdf 2017-07-31 23:40 - 2017-07-31 23:40 - 000304633 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder(6).pdf 2017-07-31 23:39 - 2017-07-31 23:39 - 000239749 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder(5).pdf 2017-07-31 23:34 - 2017-07-31 23:34 - 000000000 ____D C:\Users\tljag\Documents\Calibre Library deleted hgxrdf 2017-07-31 15:48 - 2017-07-31 15:59 - 000945662 _____ C:\Users\tljag\Documents\volvocars Binder1.pdf 2017-07-31 14:57 - 2017-07-31 14:57 - 001009942 _____ C:\Users\tljag\Downloads\PB5-9-2-3c.pdf 2017-07-31 14:52 - 2017-07-31 14:52 - 000654125 _____ C:\Users\tljag\Downloads\PB25-2b.pdf 2017-07-29 15:33 - 2017-07-29 15:33 - 000002584 _____ C:\Users\tljag\Downloads\2017-07-29_stock 7.29.17.pdf 2017-07-28 17:58 - 2017-07-28 17:58 - 001394388 _____ C:\Users\tljag\Downloads\6aff4f_80382ed8d37d49bdbc601a815b42af5c.pdf 2017-07-28 13:00 - 2017-07-28 13:00 - 000701231 _____ C:\Users\tljag\Downloads\fsersdcd.pdf 2017-07-27 12:07 - 2017-07-27 12:07 - 000205700 _____ C:\Users\tljag\Documents\img20170727_12073600.pdf 2017-07-27 11:59 - 2017-07-27 11:59 - 000239119 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder(4).pdf 2017-07-27 10:17 - 2017-07-27 10:17 - 003161072 _____ (Blizzard Entertainment) C:\Users\tljag\Downloads\StarCraft-Setup.exe 2017-07-27 09:53 - 2017-07-27 09:53 - 000161092 _____ C:\Users\tljag\Documents\img20170727_09533478.pdf 2017-07-27 09:43 - 2017-07-27 09:43 - 000242580 _____ C:\Users\tljag\Downloads\report(3).pdf 2017-07-27 09:39 - 2017-07-27 09:39 - 000212151 _____ C:\Users\tljag\Documents\img20170727_09390712.pdf 2017-07-27 09:32 - 2017-07-27 09:32 - 000307253 _____ C:\Users\tljag\Downloads\report(2).pdf 2017-07-26 22:43 - 2017-07-26 22:46 - 105151604 _____ C:\Users\tljag\Downloads\Brown, Jeffrey - [Star Wars, Jedi Academy 1] - Jedi Academy (2014).azw3 2017-07-26 22:43 - 2017-07-26 22:44 - 039047196 _____ C:\Users\tljag\Downloads\Brown, Jeffrey - [Star Wars, Jedi Academy 2] - Return of the Padawan (2015).azw3 2017-07-26 22:43 - 2017-07-26 22:43 - 001030556 _____ C:\Users\tljag\Downloads\Zahn, Timothy - [Star Wars_ Legends - New Rlic Era, SW0415, Hand of Thrawn 1] - Specter of the Past (978-0-307-79615-8).epub 2017-07-26 22:42 - 2017-07-26 22:43 - 023068080 _____ C:\Users\tljag\Downloads\Brown, Jeffrey - [Star Wars- Jedi Academy 3] - The Phantom Bully .azw3 2017-07-26 22:42 - 2017-07-26 22:42 - 000441878 _____ C:\Users\tljag\Downloads\Zahn, Timothy - [Star Wars_ 9 ABY 3] - Star Wars_ Thrawn Trilogy_ The Last Command (1993, Bantam Books, 9780553091861).epub 2017-07-26 22:42 - 2017-07-26 22:42 - 000434287 _____ C:\Users\tljag\Downloads\Zahn, Timothy - [Thrawn Trilogy 2] - Dark Force Rising (2012).epub 2017-07-26 21:07 - 2017-07-26 21:07 - 000132217 _____ C:\Users\tljag\Downloads\UPDATED-LUNCH-CHARGING-INFORMATION(1).pdf 2017-07-26 20:42 - 2017-07-26 20:42 - 000132217 _____ C:\Users\tljag\Downloads\UPDATED-LUNCH-CHARGING-INFORMATION.pdf 2017-07-26 16:58 - 2017-07-26 16:58 - 000303653 _____ C:\Users\tljag\Downloads\ACFrOgDCK-66_Kgsy6UFobqrMjy9vo3JfuhrSfOPUVpfFAwi5UyRl1eGQ7bzpe2_XEttmTFCdiVw07u2iMndLXntIfm_UQNhNnQA-Bc5rw7Ag7J3QZkpLy_MiCRlQuQ= 2017-07-26 16:25 - 2017-07-26 16:25 - 000307253 _____ C:\Users\tljag\Downloads\report(1).pdf 2017-07-26 16:17 - 2017-07-26 16:17 - 000242580 _____ C:\Users\tljag\Downloads\report.pdf 2017-07-26 15:49 - 2017-07-26 15:49 - 000280754 _____ C:\Users\tljag\Documents\img20170726_15490561.pdf 2017-07-26 15:49 - 2017-07-26 15:49 - 000239114 _____ C:\Users\tljag\Documents\img20170726_15490555.pdf 2017-07-26 14:26 - 2017-07-26 14:26 - 000983341 _____ C:\Users\tljag\Documents\manitowoc 2post.pdf 2017-07-26 14:25 - 2017-07-26 14:25 - 001235084 _____ C:\Users\tljag\Downloads\Manitowoc_Gilbarco.pdf 2017-07-26 12:55 - 2017-07-26 12:55 - 000015059 _____ C:\Users\tljag\Downloads\google.csv 2017-07-26 10:23 - 2017-07-26 10:23 - 003046664 _____ C:\Users\tljag\Downloads\PB2-2-44ad.pdf 2017-07-26 09:46 - 2017-07-26 09:46 - 000846534 _____ C:\Users\tljag\Downloads\pb2-5-6m.pdf 2017-07-26 09:29 - 2017-07-26 09:29 - 000198263 _____ C:\Users\tljag\Downloads\McFarlane, Jamie - [Privateer Tales 2] - Fool Me Once (2014, Fickle Dragon Publishing).epub 2017-07-26 09:28 - 2017-07-26 09:28 - 000366871 _____ C:\Users\tljag\Downloads\McFarlane, Jamie - [Privateer Tales 1] - Rookie Privateer (2014, Fickle Dragon Publishing).epub 2017-07-26 09:28 - 2017-07-26 09:28 - 000281697 _____ C:\Users\tljag\Downloads\McFarlane, Jamie - [Witchy World 1] - Wizard in a Witchy World (2016, Fickle Dragon Publishing, 1-943792-08-9,978-1-943792-08-5).epub 2017-07-19 11:24 - 2017-07-19 11:24 - 000458608 _____ C:\Users\tljag\Documents\capp.pdf 2017-07-19 11:21 - 2017-07-19 11:21 - 000169512 _____ C:\Users\tljag\Documents\capp2.pdf 2017-07-19 11:21 - 2017-07-19 11:21 - 000149508 _____ C:\Users\tljag\Documents\capp1.pdf 2017-07-19 11:21 - 2017-07-19 11:21 - 000135043 _____ C:\Users\tljag\Documents\capp3.pdf 2017-07-19 10:42 - 2017-07-19 10:42 - 000526741 _____ C:\Users\tljag\Downloads\ACFrOgCcbH4DlS33F8HVegS5C58P09rjtPWRn6zISVM4FJ8pM1TPQeqFGLG9qn3pB3m0Cc1uh3RGucIWdyL0sYrOHnbIXvEIjk7XFoPYmQqzCHUKeXc8jjLJSJkf88k= 2017-07-19 10:42 - 2017-07-19 10:42 - 000473253 _____ C:\Users\tljag\Downloads\VSG Credit Application.pdf 2017-07-18 09:51 - 2017-08-19 15:41 - 000000000 ____D C:\Users\tljag\Documents\Calibre Library 2017-07-18 09:51 - 2017-07-18 09:57 - 000000000 ____D C:\Users\tljag\AppData\Roaming\calibre 2017-07-18 09:51 - 2017-07-18 09:51 - 000000000 ____D C:\Users\tljag\AppData\Local\calibre-cache 2017-07-17 22:56 - 2017-07-17 22:56 - 000001029 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk 2017-07-17 22:56 - 2017-07-17 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2017-07-17 22:56 - 2017-07-17 22:56 - 000000000 ____D C:\Program Files (x86)\Calibre2 2017-07-17 22:34 - 2017-07-17 22:34 - 017179047 _____ C:\Users\tljag\Downloads\Berenstain, Stan & Berenstain, Jan - [BERENSTAIN BEARS 1] - The Berenstain Bears and the Bears' Vacation (1968, Random House Children's Books, 9780394800523).mobi 2017-07-17 22:34 - 2017-07-17 22:34 - 016053660 _____ C:\Users\tljag\Downloads\Berenstain, Stan & Berenstain, Jan - [BERENSTAIN BEARS 1] - The Berenstain Bears and the Big Honey Hunt (1962, Random House Children's Books, 9780394800288).mobi 2017-07-17 22:34 - 2017-07-17 22:34 - 015098340 _____ C:\Users\tljag\Downloads\Berenstain, Stan & Berenstain, Jan - [BERENSTAIN BEARS 1] - The Berenstain Bears and the Bike Lesson (1964, Random House Children's Books, 9780394800363).mobi 2017-07-17 22:34 - 2017-07-17 22:34 - 011517734 _____ C:\Users\tljag\Downloads\Berenstain, Stan - The Berenstain Bears and the Double Dare (2012, Random House Children's Books, 9780394897486,9780449812631).epub 2017-07-17 22:34 - 2017-07-17 22:34 - 010905778 _____ C:\Users\tljag\Downloads\Berenstain, Stan & Berenstain, Jan - The Berenstain Bears and the Mama's Day Surprise (2004, Random House Digital, Inc., 4834884627,978-0-375-98762-5).epub 2017-07-17 22:33 - 2017-07-17 22:34 - 017180897 _____ C:\Users\tljag\Downloads\Berenstain, Stan & Berenstain, Jan - [BEREN] - The Berenstain Bears and the Bear Detectives_ The Case of the Missing Pumpkin (1975, Beginner Books, 9780394831275).mobi 2017-07-17 22:33 - 2017-07-17 22:33 - 029409524 _____ C:\Users\tljag\Downloads\Clifford's First Christmas (2010, Scholastic).cbz 2017-07-17 22:33 - 2017-07-17 22:33 - 028347589 _____ C:\Users\tljag\Downloads\Clifford's First Halloween (2010, Scholastic).cbz 2017-07-17 22:33 - 2017-07-17 22:33 - 013903757 _____ C:\Users\tljag\Downloads\Clifford's Pals (1985, Shcolastik).cbr 2017-07-17 22:33 - 2017-07-17 22:33 - 008439146 _____ C:\Users\tljag\Downloads\Bears, Berenstain - First Time Books - The Birds, the Bees, and the Berenstain Bears (2011, Random House Children's Books, 9780375986925).epub 2017-07-17 22:33 - 2017-07-17 22:33 - 006837425 _____ C:\Users\tljag\Downloads\Berenstain, Stan & Berenstain, Jan - [BERENSTAIN BEARS 1] - The Berenstain Bears and the Bears in the Night (1971, Random House Children's Books, 9780375983245).mobi 2017-07-17 22:33 - 2017-07-17 22:33 - 002291536 _____ C:\Users\tljag\Downloads\Berenstain, Stan & Mike, Berenstain & Berenstain, Jan - The Berenstain Bears (2011, Zonderkidz).mobi 2017-07-17 22:32 - 2017-07-17 22:33 - 003363855 _____ C:\Users\tljag\Downloads\Bridwell, Norman - Clifford the Big Red Dog (2012).pdf 2017-07-17 22:27 - 2017-07-17 22:28 - 005061641 _____ C:\Users\tljag\Downloads\Seuss, Dr - [I Can Read It All by Myself] - Green Eggs and Ham (2013, Beginner Books - Random House, 978-0-394-80016-5,978-0-394-90016-2,978-0-385-37199-5).epub 2017-07-17 22:27 - 2017-07-17 22:27 - 007518345 _____ C:\Users\tljag\Downloads\Seuss, Dr - Horton Hatches the Egg (1940, Random House).epub 2017-07-17 22:27 - 2017-07-17 22:27 - 005912858 _____ C:\Users\tljag\Downloads\Seuss, Dr - The Sneetches and Other Stories (2013, Random House, 978-0-394-80089-9,978-0-394-90089-6,978-0-385-37360-9).epub 2017-07-17 22:27 - 2017-07-17 22:27 - 003825438 _____ C:\Users\tljag\Downloads\SeussHop On Pop .pdf 2017-07-17 22:27 - 2017-07-17 22:27 - 003825438 _____ C:\Users\tljag\Downloads\SeussHop On Pop (1).pdf 2017-07-17 22:27 - 2017-07-17 22:27 - 003666746 _____ C:\Users\tljag\Downloads\Adler, David A - [Cam Jansen 2] - Cam Jansen and the Mystery of the UFO ( Penguin USA, Inc.)(1).epub 2017-07-17 22:27 - 2017-07-17 22:27 - 003568876 _____ C:\Users\tljag\Downloads\Adler, David A - [Cam Jansen 1] - Cam Jansen and the Mystery of Stolen Diamonds (2010, Penguin USA, Inc.)(1).epub 2017-07-17 22:23 - 2017-07-17 22:23 - 003666746 _____ C:\Users\tljag\Downloads\Adler, David A - [Cam Jansen 2] - Cam Jansen and the Mystery of the UFO ( Penguin USA, Inc.).epub 2017-07-17 22:23 - 2017-07-17 22:23 - 003568876 _____ C:\Users\tljag\Downloads\Adler, David A - [Cam Jansen 1] - Cam Jansen and the Mystery of Stolen Diamonds (2010, Penguin USA, Inc.).epub 2017-07-17 22:21 - 2017-07-17 22:21 - 061935616 _____ C:\Users\tljag\Downloads\calibre-3.4.0.msi 2017-07-17 22:21 - 2017-07-17 22:21 - 012994317 _____ C:\Users\tljag\Downloads\McCloskey, Robert - Make Way for the Ducklings .pdf 2017-07-17 22:19 - 2017-07-17 22:19 - 008488515 _____ C:\Users\tljag\Downloads\Gramatky, Hardie - [Little Toot 1] - Little Toot (2013 0-440-84229-8).pdf 2017-07-17 22:19 - 2017-07-17 22:19 - 001656867 _____ C:\Users\tljag\Downloads\Arnold, Lobel - [Frog And Toad 1] - Frog and Toad Are Friends (1969, Harper).epub 2017-07-17 21:14 - 2017-07-17 21:14 - 000869169 _____ C:\Users\tljag\Documents\Ticket 01311702.pdf 2017-07-17 21:13 - 2017-07-17 21:13 - 000264679 _____ C:\Users\tljag\Documents\delk.pdf 2017-07-17 21:04 - 2017-07-17 21:04 - 000599249 _____ C:\Users\tljag\Documents\del.pdf 2017-07-17 21:01 - 2017-07-17 21:01 - 000239119 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder(3).pdf 2017-07-17 20:13 - 2017-07-17 20:28 - 000000000 ____D C:\Users\tljag\Desktop\phone s3 2017-07-17 19:22 - 2017-08-20 20:51 - 000002482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-07-17 19:22 - 2017-08-20 20:51 - 000002470 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-07-17 19:21 - 2017-07-17 19:22 - 000000000 ____D C:\Users\tljag\AppData\Local\Google 2017-07-17 19:21 - 2017-07-17 19:22 - 000000000 ____D C:\Program Files (x86)\Google 2017-07-17 19:21 - 2017-07-17 19:21 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-07-17 19:21 - 2017-07-17 19:21 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-07-17 18:58 - 2017-07-17 18:58 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Macromedia 2017-07-16 21:57 - 2017-08-22 00:03 - 000000000 ____D C:\Program Files (x86)\DVDFab 10 2017-07-16 21:52 - 2017-07-16 21:52 - 000000000 ____D C:\Users\tljag\Documents\DVDFab10 2017-07-16 21:51 - 2017-07-16 22:29 - 000000000 ____D C:\Program Files\7-Zip 2017-07-16 19:23 - 2017-07-16 19:23 - 000000000 ____D C:\Users\tljag\AppData\Roaming\379 2017-07-16 19:11 - 2017-08-20 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2017-07-16 19:11 - 2017-07-16 19:11 - 000000000 ____D C:\Program Files\VS Revo Group 2017-07-16 18:45 - 2017-07-16 18:45 - 000000000 ____D C:\Users\tljag\Documents\DVDFab9 2017-07-14 10:57 - 2017-07-14 10:57 - 004719517 _____ C:\Users\tljag\Downloads\Rotary_Drive On Runway VIEW Brochure_2017.05-VIEW.pdf 2017-07-14 10:48 - 2017-07-14 10:48 - 001154099 _____ C:\Users\tljag\Downloads\Y12 Lift Cutsheet 2013.07..pdf 2017-07-13 18:31 - 2017-07-13 18:31 - 000206922 _____ C:\Users\tljag\Documents\img20170713_18312877.pdf 2017-07-13 18:21 - 2017-07-13 18:21 - 000212886 _____ C:\Users\tljag\Documents\img20170713_18210302.pdf 2017-07-13 18:16 - 2017-07-13 18:16 - 000204712 _____ C:\Users\tljag\Documents\img20170713_18161524.pdf 2017-07-13 11:55 - 2017-07-13 11:55 - 000197007 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder(2).pdf 2017-07-13 11:54 - 2017-07-13 11:54 - 000304188 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder(1).pdf 2017-07-11 20:13 - 2017-07-11 20:13 - 000254673 _____ C:\Users\tljag\Desktop\Y lift electric.pdf 2017-07-11 20:10 - 2017-07-11 20:10 - 004889511 _____ C:\Users\tljag\Downloads\IN20640k(1).pdf 2017-07-11 18:49 - 2017-07-11 18:49 - 001139654 _____ C:\Users\tljag\Downloads\PB2-2-19-1.pdf 2017-07-11 17:00 - 2017-07-11 17:00 - 000047717 _____ C:\Users\tljag\Downloads\20170530154109936.pdf 2017-07-10 20:51 - 2017-07-10 20:51 - 002322634 _____ C:\Users\tljag\Downloads\pb22-3-1L.pdf 2017-07-10 08:54 - 2017-07-10 08:54 - 000104857 _____ C:\Users\tljag\Downloads\Green ID Cards.pdf 2017-07-08 22:27 - 2017-07-08 22:27 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 2017-07-08 22:06 - 2017-07-31 11:00 - 000064512 _____ C:\Users\tljag\Desktop\money-manager-for-kids (version 1).xls 2017-07-08 22:00 - 2017-07-08 22:00 - 000030355 _____ C:\Users\tljag\Desktop\money-manager-for-kids (version 1).xlsx 2017-07-08 21:22 - 2017-07-08 21:22 - 000034885 ____R C:\Users\tljag\Downloads\money-manager-for-kids.xlsx 2017-07-06 16:35 - 2017-07-06 16:35 - 000214127 _____ C:\Users\tljag\Documents\img20170706_16354894.pdf 2017-07-06 16:35 - 2017-07-06 16:35 - 000143193 _____ C:\Users\tljag\Documents\img20170706_16354904.pdf 2017-07-06 16:18 - 2017-07-06 16:18 - 000293691 _____ C:\Users\tljag\Downloads\AccountServiceServiceOrder.pdf 2017-07-06 12:21 - 2017-07-06 12:21 - 000292329 _____ C:\Users\tljag\Downloads\ACFrOgDs-6eNMSrqItGdjDOfEVdZE7MZpFWZ0AzvHsr4aFebwvL29siHXFgh7QDbD38qmfV_hTCtGF4X00rW-YO4QvJnp9quqrxi8l-E6Qq2mbQmLEv6e1jB2pPkMew= 2017-07-05 10:21 - 2017-07-05 10:21 - 000349500 _____ C:\Users\tljag\Downloads\Spec0171 Pit Drawings(1).pdf 2017-07-05 10:02 - 2017-07-05 10:03 - 004889511 _____ C:\Users\tljag\Downloads\IN20640k.pdf 2017-07-03 13:41 - 2017-07-03 13:41 - 000086713 _____ C:\Users\tljag\Downloads\pdf(5) 2017-07-03 13:39 - 2017-07-03 13:39 - 000066910 _____ C:\Users\tljag\Downloads\pdf(4) 2017-07-03 12:53 - 2017-07-03 12:53 - 000034660 _____ C:\Users\tljag\Downloads\pdf(3) 2017-07-03 12:52 - 2017-07-03 12:52 - 000061093 _____ C:\Users\tljag\Downloads\pdf(2) 2017-07-03 12:51 - 2017-07-03 12:51 - 000050525 _____ C:\Users\tljag\Downloads\pdf(1) 2017-07-03 12:45 - 2017-07-03 12:45 - 000044900 _____ C:\Users\tljag\Downloads\pdf 2017-07-03 12:33 - 2017-07-03 12:33 - 000949149 _____ C:\Users\tljag\Downloads\RWBG_2017_Poster.pdf 2017-06-29 16:31 - 2017-06-29 16:31 - 000003028 _____ C:\Users\tljag\Downloads\2017-06-29_6-29-2017.pdf 2017-06-29 09:54 - 2017-06-29 09:54 - 002452779 _____ C:\Users\tljag\Desktop\RLP pit.pdf 2017-06-29 09:50 - 2017-06-29 09:50 - 002756888 _____ C:\Users\tljag\Downloads\IN20755a%20English.pdf 2017-06-29 09:48 - 2017-06-29 09:48 - 000349500 _____ C:\Users\tljag\Downloads\Spec0171 Pit Drawings.pdf 2017-06-28 20:17 - 2017-06-28 20:17 - 000000000 ____D C:\Program Files\Samsung 2017-06-28 20:17 - 2017-01-16 02:26 - 000165504 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys 2017-06-28 20:17 - 2017-01-16 02:26 - 000131712 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys 2017-06-28 20:16 - 2017-06-28 20:16 - 000000000 ____D C:\Users\tljag\AppData\Roaming\VERIZON 2017-06-28 20:16 - 2017-06-28 20:16 - 000000000 ____D C:\Users\Public\Documents\Verizon2.0_Log 2017-06-28 20:16 - 2017-06-28 20:16 - 000000000 ____D C:\ProgramData\Samsung 2017-06-28 12:57 - 2017-06-28 12:57 - 000166504 _____ C:\Users\tljag\Documents\img20170628_12571205.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000240791 _____ C:\Users\tljag\Documents\02.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000239883 _____ C:\Users\tljag\Documents\03.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000239870 _____ C:\Users\tljag\Documents\01.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000238439 _____ C:\Users\tljag\Documents\10.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000237887 _____ C:\Users\tljag\Documents\06.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000237819 _____ C:\Users\tljag\Documents\05.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000237809 _____ C:\Users\tljag\Documents\08.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000237457 _____ C:\Users\tljag\Documents\09.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000236151 _____ C:\Users\tljag\Documents\04.pdf 2017-06-28 11:18 - 2017-06-28 11:18 - 000216089 _____ C:\Users\tljag\Documents\ticket 1283327.pdf 2017-06-27 20:56 - 2017-06-27 20:57 - 001236885 _____ C:\Users\tljag\Downloads\Connelly, Michael - [The Harry Bosch Novels 4-6] - The Harry Bosch Novels Volume 2 (2000, Little, Brown & Company).epub 2017-06-27 20:56 - 2017-06-27 20:56 - 001248772 _____ C:\Users\tljag\Downloads\Connelly, Michael - [Harry Bosch Series 1-3] - The Harry Bosch Novels Volume 1 (2001, Hachette Digital, Inc.).epub 2017-06-27 20:56 - 2017-06-27 20:56 - 000375857 _____ C:\Users\tljag\Downloads\Connelly, Michael - [Harry Bosch 1] - Black Echo (2010).epub 2017-06-27 13:40 - 2017-06-27 13:40 - 004792264 _____ C:\Users\tljag\Downloads\Ralph_Wood_The_Gospel_According_to_Tolkien_Visions_of_the_Kingdom_in_Middle-Earth.pdf 2017-06-26 01:00 - 2017-07-15 08:29 - 000000000 ____D C:\ProgramData\devnull 2017-06-26 01:00 - 2017-06-26 01:01 - 000000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics 2017-06-26 01:00 - 2017-06-26 01:01 - 000000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics 2017-06-26 00:33 - 2017-07-15 08:29 - 000000000 ____D C:\Users\tljag\AppData\Roaming\devnull 2017-06-26 00:33 - 2017-06-26 00:33 - 000000000 ____D C:\Users\tljag\AppData\Local\AdvinstAnalytics 2017-06-26 00:24 - 2017-06-26 00:24 - 009091431 _____ C:\Users\tljag\Downloads\ACMEInstaller3 2017-06-26 00:14 - 2017-08-22 03:01 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CD4063CC-B952-44C4-8E53-C921F8CEC768} 2017-06-26 00:11 - 2017-06-26 00:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf 2017-06-26 00:11 - 2017-06-26 00:11 - 000000000 ____D C:\Users\tljag\AppData\Roaming\JasonRobitaille 2017-06-26 00:11 - 2017-06-26 00:11 - 000000000 ____D C:\Program Files\Palm, Inc 2017-06-26 00:11 - 2017-06-26 00:11 - 000000000 ____D C:\Program Files\DIFX 2017-06-26 00:10 - 2017-06-26 00:10 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Sun 2017-06-26 00:10 - 2017-06-26 00:10 - 000000000 ____D C:\Users\tljag\AppData\LocalLow\Sun 2017-06-26 00:10 - 2017-06-26 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-06-26 00:10 - 2017-06-26 00:09 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-06-26 00:09 - 2017-06-26 00:10 - 000000000 ____D C:\ProgramData\Oracle 2017-06-26 00:09 - 2017-06-26 00:09 - 000000000 ____D C:\Program Files (x86)\Java 2017-06-26 00:08 - 2017-06-26 00:08 - 000738368 _____ (Oracle Corporation) C:\Users\tljag\Downloads\JavaSetup8u131.exe 2017-06-26 00:07 - 2017-06-26 00:07 - 000173201 _____ C:\Users\tljag\Downloads\UniversalNovacomInstaller-1.4.1.jar 2017-06-25 16:05 - 2017-06-25 16:05 - 000164993 _____ C:\Users\tljag\Desktop\2017 Pre-Order - Inspection Labels.pdf 2017-06-24 11:26 - 2017-06-24 11:26 - 002687488 _____ C:\Users\tljag\Desktop\VSG _pp_Handbook-1.pdf 2017-06-21 23:51 - 2017-06-21 23:51 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Skype 2017-06-20 21:41 - 2017-08-20 20:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-19 19:05 - 2017-06-19 19:05 - 000001422 ____N C:\Users\Public\Desktop\Restore Report 06-19-2017 12-28-30PM.html.lnk 2017-06-19 12:28 - 2017-06-19 19:05 - 000000000 ____D C:\Users\tljag\Documents\Carbonite Restore Reports 2017-06-19 12:24 - 2017-06-19 12:24 - 000002205 ____N C:\Users\Public\Desktop\Carbonite.lnk 2017-06-19 12:24 - 2017-06-19 12:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite 2017-06-19 12:24 - 2017-06-19 12:24 - 000000000 ____D C:\ProgramData\Carbonite 2017-06-19 12:24 - 2017-06-19 12:24 - 000000000 ____D C:\Program Files\Carbonite 2017-06-19 12:24 - 2017-06-19 12:24 - 000000000 ____D C:\Program Files (x86)\Carbonite 2017-06-19 12:20 - 2017-06-19 12:21 - 017203720 _____ (Carbonite, Inc.) C:\Users\tljag\Downloads\CarboniteSetup-personal-client(1).exe 2017-06-15 14:48 - 2017-06-15 14:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility 2017-06-15 14:48 - 2017-06-15 14:48 - 000000000 ____D C:\Program Files\Bulk Rename Utility 2017-06-15 14:47 - 2017-06-15 14:47 - 009699408 _____ (TGRMN Software ) C:\Users\tljag\Downloads\BRU_setup_3.0.0.1.exe 2017-06-15 14:42 - 2017-07-17 21:07 - 000095976 _____ C:\Users\tljag\AppData\Local\GDIPFONTCACHEV1.DAT 2017-06-14 10:08 - 2017-06-14 10:08 - 000023317 _____ C:\Users\tljag\Documents\img20170614_10085261.pdf 2017-06-14 10:06 - 2017-06-14 10:06 - 000083604 _____ C:\Users\tljag\Documents\img20170614_10061574.pdf 2017-06-13 19:48 - 2017-06-03 06:15 - 001596600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll 2017-06-13 19:48 - 2017-06-03 06:15 - 000750560 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2017-06-13 19:48 - 2017-06-03 06:15 - 000382368 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2017-06-13 19:48 - 2017-06-03 06:14 - 001147296 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2017-06-13 19:48 - 2017-06-03 06:14 - 001024928 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2017-06-13 19:48 - 2017-06-03 06:09 - 008318880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-06-13 19:48 - 2017-06-03 06:09 - 001003624 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-06-13 19:48 - 2017-06-03 06:08 - 002969880 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll 2017-06-13 19:48 - 2017-06-03 06:07 - 000923048 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll 2017-06-13 19:48 - 2017-06-03 06:07 - 000119712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2017-06-13 19:48 - 2017-06-03 06:02 - 002444192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2017-06-13 19:48 - 2017-06-03 06:01 - 005477096 _____ (Microsoft Corporation) C:\Windows\system32\OneCoreUAPCommonProxyStub.dll 2017-06-13 19:48 - 2017-06-03 06:00 - 000872472 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll 2017-06-13 19:48 - 2017-06-03 06:00 - 000219040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys 2017-06-13 19:48 - 2017-06-03 05:59 - 001409048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-06-13 19:48 - 2017-06-03 05:59 - 000626528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2017-06-13 19:48 - 2017-06-03 05:59 - 000311200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2017-06-13 19:48 - 2017-06-03 05:59 - 000259400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe 2017-06-13 19:48 - 2017-06-03 05:58 - 021352696 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2017-06-13 19:48 - 2017-06-03 05:58 - 007904784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll 2017-06-13 19:48 - 2017-06-03 05:58 - 000254176 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2017-06-13 19:48 - 2017-06-03 05:56 - 001854880 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll 2017-06-13 19:48 - 2017-06-03 05:55 - 002681760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2017-06-13 19:48 - 2017-06-03 05:36 - 001150784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-06-13 19:48 - 2017-06-03 05:35 - 002259768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll 2017-06-13 19:48 - 2017-06-03 05:28 - 023677440 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2017-06-13 19:48 - 2017-06-03 05:26 - 000266640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capauthz.dll 2017-06-13 19:48 - 2017-06-03 05:23 - 020373920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2017-06-13 19:48 - 2017-06-03 05:23 - 006760024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-06-13 19:48 - 2017-06-03 05:23 - 000573856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2017-06-13 19:48 - 2017-06-03 05:21 - 001516448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll 2017-06-13 19:48 - 2017-06-03 05:20 - 000583160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll 2017-06-13 19:48 - 2017-06-03 05:14 - 003673088 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2017-06-13 19:48 - 2017-06-03 05:14 - 000099328 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll 2017-06-13 19:48 - 2017-06-03 05:14 - 000047104 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2017-06-13 19:48 - 2017-06-03 05:12 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll 2017-06-13 19:48 - 2017-06-03 05:11 - 002958848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-06-13 19:48 - 2017-06-03 05:11 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2017-06-13 19:48 - 2017-06-03 05:11 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll 2017-06-13 19:48 - 2017-06-03 05:11 - 000038912 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2017-06-13 19:48 - 2017-06-03 05:11 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys 2017-06-13 19:48 - 2017-06-03 05:11 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2017-06-13 19:48 - 2017-06-03 05:10 - 000293376 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe 2017-06-13 19:48 - 2017-06-03 05:10 - 000102400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe 2017-06-13 19:48 - 2017-06-03 05:09 - 000271872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll 2017-06-13 19:48 - 2017-06-03 05:09 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\devicengccredprov.dll 2017-06-13 19:48 - 2017-06-03 05:09 - 000094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll 2017-06-13 19:48 - 2017-06-03 05:09 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2017-06-13 19:48 - 2017-06-03 05:07 - 023682048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-06-13 19:48 - 2017-06-03 05:07 - 000721920 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll 2017-06-13 19:48 - 2017-06-03 05:07 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-06-13 19:48 - 2017-06-03 05:05 - 020506624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-06-13 19:48 - 2017-06-03 05:05 - 007336448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-06-13 19:48 - 2017-06-03 05:05 - 001878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll 2017-06-13 19:48 - 2017-06-03 05:05 - 000198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll 2017-06-13 19:48 - 2017-06-03 05:05 - 000169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devicengccredprov.dll 2017-06-13 19:48 - 2017-06-03 05:04 - 012787200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-06-13 19:48 - 2017-06-03 05:04 - 000805888 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll 2017-06-13 19:48 - 2017-06-03 05:03 - 019336192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-06-13 19:48 - 2017-06-03 05:03 - 001260544 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe 2017-06-13 19:48 - 2017-06-03 05:03 - 000467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll 2017-06-13 19:48 - 2017-06-03 05:02 - 008245760 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2017-06-13 19:48 - 2017-06-03 05:01 - 002804736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll 2017-06-13 19:48 - 2017-06-03 05:00 - 003379200 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2017-06-13 19:48 - 2017-06-03 05:00 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2017-06-13 19:48 - 2017-06-03 05:00 - 000358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll 2017-06-13 19:48 - 2017-06-03 04:59 - 004730368 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-06-13 19:48 - 2017-06-03 04:59 - 002672128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2017-06-13 19:48 - 2017-06-03 04:59 - 002597376 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2017-06-13 19:48 - 2017-06-03 04:59 - 002056192 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2017-06-13 19:48 - 2017-06-03 04:59 - 001142784 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2017-06-13 19:48 - 2017-06-03 04:59 - 000975360 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-06-13 19:48 - 2017-06-03 04:59 - 000636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll 2017-06-13 19:48 - 2017-06-03 04:58 - 005961216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-06-13 19:48 - 2017-06-03 04:58 - 002650112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2017-06-13 19:48 - 2017-06-03 04:58 - 002516480 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2017-06-13 19:48 - 2017-06-03 04:58 - 001888256 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-06-13 19:48 - 2017-06-03 04:58 - 001046016 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll 2017-06-13 19:48 - 2017-06-03 04:58 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2017-06-13 19:48 - 2017-06-03 04:57 - 011870720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-06-13 19:48 - 2017-06-03 04:57 - 006535168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe 2017-06-13 19:48 - 2017-06-03 04:57 - 005557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2017-06-13 19:48 - 2017-06-03 04:57 - 002829824 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-06-13 19:48 - 2017-06-03 04:57 - 001675264 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll 2017-06-13 19:48 - 2017-06-03 04:57 - 001248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll 2017-06-13 19:48 - 2017-06-03 04:57 - 000797184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2017-06-13 19:48 - 2017-06-03 04:56 - 006292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-06-13 19:48 - 2017-06-03 04:55 - 003656192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-06-13 19:48 - 2017-06-03 04:55 - 002132480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2017-06-13 19:48 - 2017-06-03 04:55 - 001019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll 2017-06-13 19:48 - 2017-06-03 04:54 - 002341376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-06-13 19:48 - 2017-06-03 04:54 - 002298368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2017-06-13 19:48 - 2017-06-03 04:54 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\pwcreator.exe 2017-06-13 19:48 - 2017-06-03 04:53 - 004559360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2017-06-13 19:48 - 2017-05-20 05:13 - 001333136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2017-06-13 19:48 - 2017-05-20 04:55 - 000606960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2017-06-13 19:48 - 2017-05-20 04:48 - 004469832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2017-06-13 19:48 - 2017-05-20 04:47 - 001474800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2017-06-13 19:48 - 2017-05-20 04:46 - 005821496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll 2017-06-13 19:48 - 2017-05-20 04:46 - 001266544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2017-06-13 19:48 - 2017-05-20 04:46 - 000754080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll 2017-06-13 19:48 - 2017-05-20 04:45 - 000349600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-06-13 19:48 - 2017-05-20 04:44 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll 2017-06-13 19:48 - 2017-05-20 04:44 - 000181664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll 2017-06-13 19:48 - 2017-05-20 04:43 - 005802968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll 2017-06-13 19:48 - 2017-05-20 04:43 - 004672848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2017-06-13 19:48 - 2017-05-20 04:43 - 002424016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2017-06-13 19:48 - 2017-05-20 04:43 - 001529384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll 2017-06-13 19:48 - 2017-05-20 04:43 - 001455592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2017-06-13 19:48 - 2017-05-20 04:43 - 001120864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2017-06-13 19:48 - 2017-05-20 04:43 - 000354400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll 2017-06-13 19:48 - 2017-05-20 04:29 - 013840384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2017-06-13 19:48 - 2017-05-20 04:27 - 002199552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-06-13 19:48 - 2017-05-20 04:27 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll 2017-06-13 19:48 - 2017-05-20 04:26 - 000059904 _____ C:\Windows\SysWOW64\xboxgipsynthetic.dll 2017-06-13 19:48 - 2017-05-20 04:26 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll 2017-06-13 19:48 - 2017-05-20 04:25 - 000826368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NPSMDesktopProvider.dll 2017-06-13 19:48 - 2017-05-20 04:25 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll 2017-06-13 19:48 - 2017-05-20 04:24 - 000362496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll 2017-06-13 19:48 - 2017-05-20 04:23 - 006728192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2017-06-13 19:48 - 2017-05-20 04:22 - 001292288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll 2017-06-13 19:48 - 2017-05-20 04:22 - 000754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll 2017-06-13 19:48 - 2017-05-20 04:22 - 000394240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DictationManager.dll 2017-06-13 19:48 - 2017-05-20 04:21 - 001984000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceFlows.DataModel.dll 2017-06-13 19:48 - 2017-05-20 04:21 - 000476672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll 2017-06-13 19:48 - 2017-05-20 04:21 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.Launcher.dll 2017-06-13 19:48 - 2017-05-20 04:20 - 000807424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll 2017-06-13 19:48 - 2017-05-20 04:20 - 000507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-06-13 19:48 - 2017-05-20 04:20 - 000368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe 2017-06-13 19:48 - 2017-05-20 04:20 - 000354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll 2017-06-13 19:48 - 2017-05-20 04:19 - 005719040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll 2017-06-13 19:48 - 2017-05-20 04:18 - 001450496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll 2017-06-13 19:48 - 2017-05-20 04:17 - 000952832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll 2017-06-13 19:48 - 2017-05-20 04:17 - 000909312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll 2017-06-13 19:48 - 2017-05-20 04:17 - 000329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe 2017-06-13 19:48 - 2017-05-20 04:17 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll 2017-06-13 19:48 - 2017-05-20 04:16 - 005225984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2017-06-13 19:48 - 2017-05-20 04:16 - 003667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2017-06-13 19:48 - 2017-05-20 04:16 - 002588160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll 2017-06-13 19:48 - 2017-05-20 04:16 - 000899584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2017-06-13 19:48 - 2017-05-20 04:15 - 002088960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll 2017-06-13 19:48 - 2017-05-20 04:14 - 004417024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2017-06-13 19:48 - 2017-05-20 04:14 - 004056576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll 2017-06-13 19:48 - 2017-05-20 04:14 - 002679296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2017-06-13 19:48 - 2017-05-20 04:14 - 002211328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll 2017-06-13 19:48 - 2017-05-20 04:14 - 001035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll 2017-06-13 19:48 - 2017-05-20 04:11 - 001536512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll 2017-06-13 19:48 - 2017-05-20 04:10 - 000332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll 2017-06-13 19:48 - 2017-05-20 04:10 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NPSM.dll 2017-06-13 19:48 - 2017-05-20 04:10 - 000089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2017-06-13 19:48 - 2017-05-20 04:08 - 000174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RstrtMgr.dll 2017-06-13 19:48 - 2017-05-20 03:08 - 000543648 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe 2017-06-13 19:48 - 2017-05-20 03:07 - 000287648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2017-06-13 19:48 - 2017-05-20 03:03 - 000777400 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2017-06-13 19:48 - 2017-05-20 02:58 - 000188824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2017-06-13 19:48 - 2017-05-20 02:56 - 004847928 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2017-06-13 19:48 - 2017-05-20 02:56 - 000712608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys 2017-06-13 19:48 - 2017-05-20 02:55 - 007325584 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll 2017-06-13 19:48 - 2017-05-20 02:55 - 001911752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2017-06-13 19:48 - 2017-05-20 02:55 - 001055648 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll 2017-06-13 19:48 - 2017-05-20 02:55 - 000211872 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll 2017-06-13 19:48 - 2017-05-20 02:54 - 000730016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2017-06-13 19:48 - 2017-05-20 02:54 - 000546208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2017-06-13 19:48 - 2017-05-20 02:54 - 000144288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys 2017-06-13 19:48 - 2017-05-20 02:53 - 000411040 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-06-13 19:48 - 2017-05-20 02:53 - 000363424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys 2017-06-13 19:48 - 2017-05-20 02:53 - 000335808 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe 2017-06-13 19:48 - 2017-05-20 02:52 - 004709528 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll 2017-06-13 19:48 - 2017-05-20 02:52 - 001700408 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2017-06-13 19:48 - 2017-05-20 02:51 - 006551856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll 2017-06-13 19:48 - 2017-05-20 02:51 - 002604256 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll 2017-06-13 19:48 - 2017-05-20 02:51 - 001670496 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll 2017-06-13 19:48 - 2017-05-20 02:51 - 001219560 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2017-06-13 19:48 - 2017-05-20 02:48 - 000387928 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll 2017-06-13 19:48 - 2017-05-20 02:10 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthSSO.dll 2017-06-13 19:48 - 2017-05-20 02:10 - 000361472 _____ (Microsoft Corporation) C:\Windows\system32\ConhostV2.dll 2017-06-13 19:48 - 2017-05-20 02:09 - 017365504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2017-06-13 19:48 - 2017-05-20 02:08 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll 2017-06-13 19:48 - 2017-05-20 02:08 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys 2017-06-13 19:48 - 2017-05-20 02:07 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys 2017-06-13 19:48 - 2017-05-20 02:07 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\XblGameSaveExt.dll 2017-06-13 19:48 - 2017-05-20 02:07 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\snmptrap.exe 2017-06-13 19:48 - 2017-05-20 02:06 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Diagnostics.dll 2017-06-13 19:48 - 2017-05-20 02:05 - 007931392 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2017-06-13 19:48 - 2017-05-20 02:05 - 000518144 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll 2017-06-13 19:48 - 2017-05-20 02:03 - 008331264 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll 2017-06-13 19:48 - 2017-05-20 02:03 - 000527360 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll 2017-06-13 19:48 - 2017-05-20 02:01 - 000590848 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-06-13 19:48 - 2017-05-20 02:01 - 000586240 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll 2017-06-13 19:48 - 2017-05-20 02:00 - 001078272 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll 2017-06-13 19:48 - 2017-05-20 02:00 - 000846848 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll 2017-06-13 19:48 - 2017-05-20 02:00 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe 2017-06-13 19:48 - 2017-05-20 02:00 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll 2017-06-13 19:48 - 2017-05-20 01:59 - 001468416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll 2017-06-13 19:48 - 2017-05-20 01:59 - 001141760 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll 2017-06-13 19:48 - 2017-05-20 01:59 - 001028608 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll 2017-06-13 19:48 - 2017-05-20 01:59 - 000687104 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll 2017-06-13 19:48 - 2017-05-20 01:58 - 003784704 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll 2017-06-13 19:48 - 2017-05-20 01:58 - 003135488 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll 2017-06-13 19:48 - 2017-05-20 01:58 - 001886208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll 2017-06-13 19:48 - 2017-05-20 01:58 - 000909824 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll 2017-06-13 19:48 - 2017-05-20 01:58 - 000374784 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe 2017-06-13 19:48 - 2017-05-20 01:55 - 004396032 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2017-06-13 19:48 - 2017-05-20 01:55 - 002499584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll 2017-06-13 19:48 - 2017-05-20 01:55 - 001102848 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll 2017-06-13 19:48 - 2017-05-20 01:54 - 004537344 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll 2017-06-13 19:48 - 2017-05-20 01:54 - 002938880 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll 2017-06-13 19:48 - 2017-05-20 01:52 - 001356800 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2017-06-13 19:48 - 2017-05-20 01:52 - 000624640 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll 2017-06-13 19:48 - 2017-05-20 01:52 - 000557568 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll 2017-06-13 19:48 - 2017-05-20 01:52 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll 2017-06-13 19:48 - 2017-05-20 01:51 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll 2017-06-13 19:48 - 2017-05-20 01:50 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\NPSM.dll 2017-06-13 19:48 - 2017-05-20 01:48 - 002438656 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll 2017-06-13 19:47 - 2017-06-03 06:10 - 000130464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2017-06-13 19:47 - 2017-06-03 06:00 - 000321376 _____ (Microsoft Corporation) C:\Windows\system32\capauthz.dll 2017-06-13 19:47 - 2017-06-03 05:58 - 000660384 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2017-06-13 19:47 - 2017-06-03 05:57 - 000371616 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 002228120 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 001693600 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 001458592 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 000848288 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 000846752 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe 2017-06-13 19:47 - 2017-06-03 05:56 - 000844696 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 000697760 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 000672672 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll 2017-06-13 19:47 - 2017-06-03 05:56 - 000399264 _____ (Microsoft Corporation) C:\Windows\system32\AppVScripting.dll 2017-06-13 19:47 - 2017-06-03 05:14 - 000443392 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll 2017-06-13 19:47 - 2017-06-03 05:14 - 000142848 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll 2017-06-13 19:47 - 2017-06-03 05:10 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCredentialDeployment.exe 2017-06-13 19:47 - 2017-06-03 05:07 - 000778240 _____ C:\Windows\system32\MBR2GPT.EXE 2017-06-13 19:47 - 2017-06-03 05:07 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe 2017-06-13 19:47 - 2017-06-03 05:06 - 000551936 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll 2017-06-13 19:47 - 2017-06-03 05:04 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll 2017-06-13 19:47 - 2017-06-03 05:01 - 006726656 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe 2017-06-13 19:47 - 2017-06-03 04:59 - 002625024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2017-06-13 19:47 - 2017-06-03 04:59 - 001293824 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll 2017-06-13 19:47 - 2017-06-03 04:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\bfsvc.exe 2017-06-13 19:47 - 2017-05-20 04:29 - 000584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll 2017-06-13 19:47 - 2017-05-20 03:08 - 001459728 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2017-06-13 19:47 - 2017-05-20 02:59 - 000112544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys 2017-06-13 19:47 - 2017-05-20 02:56 - 000370928 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe 2017-06-13 19:47 - 2017-05-20 02:55 - 001506712 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll 2017-06-13 19:47 - 2017-05-20 02:55 - 000961952 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll 2017-06-13 19:47 - 2017-05-20 02:53 - 000654976 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll 2017-06-13 19:47 - 2017-05-20 02:53 - 000255904 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll 2017-06-13 19:47 - 2017-05-20 02:51 - 000406064 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll 2017-06-13 19:47 - 2017-05-20 02:10 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll 2017-06-13 19:47 - 2017-05-20 02:10 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\winsrvext.dll 2017-06-13 19:47 - 2017-05-20 02:10 - 000027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys 2017-06-13 19:47 - 2017-05-20 02:09 - 002199552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll 2017-06-13 19:47 - 2017-05-20 02:09 - 000209408 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll 2017-06-13 19:47 - 2017-05-20 02:08 - 000086016 _____ C:\Windows\system32\xboxgipsynthetic.dll 2017-06-13 19:47 - 2017-05-20 02:06 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\NPSMDesktopProvider.dll 2017-06-13 19:47 - 2017-05-20 02:06 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.SharedPC.AccountManager.dll 2017-06-13 19:47 - 2017-05-20 02:03 - 000892416 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll 2017-06-13 19:47 - 2017-05-20 02:03 - 000549888 _____ (Microsoft Corporation) C:\Windows\system32\DictationManager.dll 2017-06-13 19:47 - 2017-05-20 02:03 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Display.dll 2017-06-13 19:47 - 2017-05-20 02:03 - 000427008 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll 2017-06-13 19:47 - 2017-05-20 02:02 - 000616960 _____ (Microsoft Corporation) C:\Windows\system32\WindowManagement.dll 2017-06-13 19:47 - 2017-05-20 02:02 - 000601088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.Launcher.dll 2017-06-13 19:47 - 2017-05-20 02:01 - 002347520 _____ (Microsoft Corporation) C:\Windows\system32\DeviceFlows.DataModel.dll 2017-06-13 19:47 - 2017-05-20 02:01 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll 2017-06-13 19:47 - 2017-05-20 02:01 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll 2017-06-13 19:47 - 2017-05-20 02:01 - 000408064 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll 2017-06-13 19:47 - 2017-05-20 02:01 - 000299520 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll 2017-06-13 19:47 - 2017-05-20 02:01 - 000149504 _____ (Microsoft Corporation) C:\Windows\system32\embeddedmodesvc.dll 2017-06-13 19:47 - 2017-05-20 02:00 - 001067008 _____ (Microsoft Corporation) C:\Windows\system32\XboxNetApiSvc.dll 2017-06-13 19:47 - 2017-05-20 01:59 - 001818624 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll 2017-06-13 19:47 - 2017-05-20 01:59 - 000972800 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2017-06-13 19:47 - 2017-05-20 01:59 - 000585216 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll 2017-06-13 19:47 - 2017-05-20 01:58 - 001046016 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll 2017-06-13 19:47 - 2017-05-20 01:57 - 000681984 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll 2017-06-13 19:47 - 2017-05-20 01:56 - 002730496 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe 2017-06-13 19:47 - 2017-05-20 01:56 - 001076736 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2017-06-13 19:47 - 2017-05-20 01:55 - 003332096 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2017-06-13 19:47 - 2017-05-20 01:54 - 004707840 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2017-06-13 19:47 - 2017-05-20 01:54 - 003803136 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll 2017-06-13 19:47 - 2017-05-20 01:54 - 001275904 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll 2017-06-13 19:47 - 2017-05-20 01:51 - 001706496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll 2017-06-13 19:47 - 2017-05-20 01:50 - 000439808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll 2017-06-13 19:47 - 2017-05-20 01:48 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll 2017-06-13 19:47 - 2017-05-20 01:47 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\rdbui.dll 2017-06-13 19:47 - 2017-05-20 01:47 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\RstrtMgr.dll 2017-06-05 10:05 - 2017-06-05 10:05 - 017203720 _____ (Carbonite, Inc.) C:\Users\tljag\Downloads\CarboniteSetup-personal-client.exe 2017-06-05 09:43 - 2017-06-05 09:43 - 000000045 _____ C:\Windows\WF-2650.ini 2017-06-05 09:43 - 2017-06-05 09:43 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Leadertech 2017-06-05 08:16 - 2017-06-05 08:16 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2017-06-05 08:16 - 2017-06-05 08:16 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2017-06-05 08:16 - 2017-06-05 08:16 - 000000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2017-06-05 01:43 - 2017-06-05 01:44 - 000000000 ____D C:\Users\tljag\Downloads\The Flying House 2017-06-05 00:45 - 2017-06-05 00:47 - 000000000 ____D C:\Users\tljag\Downloads\Super Book 1-52 [Complete] 2017-06-04 21:59 - 2017-06-04 22:08 - 000000000 ____D C:\Users\tljag\Downloads\The A-Team 2017-06-04 09:45 - 2017-08-21 13:47 - 000000000 ____D C:\Users\tljag\AppData\Local\ElevatedDiagnostics 2017-06-04 09:42 - 2017-06-04 09:42 - 000000000 ____D C:\Users\tljag\Documents\FeedbackHub 2017-06-02 19:36 - 2017-06-02 19:37 - 004464116 _____ C:\Users\tljag\Desktop\snake.pdf 2017-06-02 18:35 - 2017-06-02 18:35 - 000001344 _____ C:\Users\Public\Documents\AcPro7_0_0.pnd 2017-06-02 18:28 - 2017-06-05 18:17 - 000000951 _____ C:\Windows\Tasks\EPSON WF-2650 Series Update {68A57124-907B-4DFD-A27B-BB4DFE7CFAE3}.job 2017-06-02 18:28 - 2017-06-02 18:28 - 000004150 _____ C:\Windows\System32\Tasks\EPSON WF-2650 Series Update {68A57124-907B-4DFD-A27B-BB4DFE7CFAE3} 2017-06-02 18:28 - 2017-06-02 18:28 - 000000000 ____D C:\Program Files\Common Files\EPSON 2017-06-02 18:25 - 2017-06-07 14:05 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Epson 2017-06-02 18:25 - 2017-06-02 18:25 - 000001003 ____N C:\Users\Public\Desktop\EPSON Scan.lnk 2017-06-02 18:25 - 2017-06-02 18:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-06-02 18:25 - 2017-06-02 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software 2017-06-02 18:25 - 2017-06-02 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2017-06-02 18:25 - 2017-06-02 18:25 - 000000000 ____D C:\Program Files\EpsonNet 2017-06-02 18:25 - 2017-06-02 18:25 - 000000000 ____D C:\Program Files\EPSON 2017-06-02 18:25 - 2017-06-02 18:25 - 000000000 ____D C:\Program Files (x86)\EPSON Software 2017-06-02 18:25 - 2017-06-02 18:25 - 000000000 ____D C:\Program Files (x86)\epson 2017-06-02 18:25 - 2014-02-25 00:00 - 000466944 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll 2017-06-02 18:25 - 2012-05-17 00:00 - 000144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe 2017-06-02 18:25 - 2010-11-22 13:27 - 000147472 _____ (TWAIN Working Group) C:\Windows\SysWOW64\twaindsm.dll 2017-06-02 18:24 - 2017-06-02 19:28 - 000000000 ____D C:\ProgramData\EPSON 2017-06-02 18:24 - 2013-12-06 07:05 - 000179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMBMBE.DLL 2017-06-02 18:24 - 2011-03-15 06:03 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BMBE.DLL 2017-06-02 18:24 - 2007-04-10 04:06 - 000010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL 2017-06-02 12:07 - 2017-06-02 12:26 - 157931448 _____ C:\Users\tljag\Downloads\epson15791.exe 2017-06-02 11:28 - 2017-06-02 11:28 - 000000000 ____D C:\Users\tljag\AppData\Roaming\AdobeUM 2017-06-02 11:24 - 2017-06-02 11:27 - 000000000 ____D C:\Users\tljag\AppData\Local\Adobe 2017-06-02 11:23 - 2017-06-02 11:23 - 000002475 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk 2017-06-02 11:23 - 2017-06-02 11:23 - 000002469 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk 2017-06-02 11:23 - 2017-06-02 11:23 - 000002463 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk 2017-06-02 11:23 - 2017-06-02 11:23 - 000002096 ____N C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk 2017-06-02 11:23 - 2017-06-02 11:23 - 000000000 ____D C:\Windows\SysWOW64\spool 2017-06-02 11:23 - 2017-06-02 11:23 - 000000000 ____D C:\Users\Public\Documents\Adobe PDF 2017-06-02 11:23 - 2017-06-02 11:23 - 000000000 ____D C:\ProgramData\Adobe 2017-06-02 11:23 - 2017-06-02 11:23 - 000000000 ____D C:\Program Files (x86)\Adobe 2017-06-02 10:04 - 2017-07-08 22:28 - 000002641 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Microsoft Office Document.lnk 2017-06-02 10:04 - 2017-07-08 22:28 - 000002631 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Microsoft Office Document.lnk 2017-06-02 10:04 - 2017-07-08 22:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2017-06-02 10:04 - 2017-07-08 22:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Works 2017-06-02 10:03 - 2017-06-02 10:03 - 000000000 ____D C:\Windows\PCHEALTH 2017-06-02 10:00 - 2017-07-08 22:27 - 000000000 ____D C:\Windows\SHELLNEW 2017-06-02 10:00 - 2017-07-08 22:24 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2017-06-02 10:00 - 2017-06-28 10:37 - 000000000 ____D C:\Users\tljag\AppData\Local\Microsoft Help 2017-06-02 10:00 - 2017-06-02 10:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005 2017-06-02 10:00 - 2017-06-02 10:00 - 000000000 ____D C:\Program Files\Microsoft Office 2017-06-02 09:59 - 2017-06-02 10:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-06-02 09:59 - 2017-06-02 09:59 - 000000000 __RHD C:\MSOCache 2017-06-02 09:17 - 2017-06-02 09:17 - 000000000 ____D C:\Program Files\Common Files\Intuit 2017-06-01 23:58 - 2017-06-02 00:07 - 083486956 _____ C:\Users\tljag\Downloads\Company_Files.zip 2017-06-01 23:42 - 2017-06-02 09:17 - 000000000 ____D C:\Users\tljag\AppData\Local\Intuit 2017-06-01 23:38 - 2017-06-01 23:38 - 000002239 ____N C:\Users\Public\Desktop\QuickBooks Premier Edition 2011.lnk 2017-06-01 23:38 - 2017-06-01 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks 2017-06-01 23:35 - 2017-06-05 18:17 - 000000000 ____D C:\ProgramData\Intuit 2017-06-01 23:35 - 2017-06-01 23:35 - 000000000 ____D C:\Users\Public\Documents\Intuit 2017-06-01 23:35 - 2017-06-01 23:35 - 000000000 ____D C:\ProgramData\Nuance 2017-06-01 23:35 - 2017-06-01 23:35 - 000000000 ____D C:\Program Files (x86)\Intuit 2017-06-01 23:34 - 2017-07-08 22:27 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-06-01 23:34 - 2017-06-02 12:01 - 000000000 ____D C:\ProgramData\SQL Anywhere 11 2017-06-01 23:34 - 2017-06-01 23:38 - 000000095 _____ C:\Windows\QBChanUtil_Trigger.ini 2017-06-01 23:34 - 2017-06-01 23:34 - 000000000 ____D C:\Program Files\Reference Assemblies 2017-06-01 23:34 - 2017-06-01 23:34 - 000000000 ____D C:\Program Files\MSBuild 2017-06-01 23:34 - 2017-06-01 23:34 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-06-01 23:32 - 2017-02-10 11:26 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2017-06-01 23:32 - 2017-02-10 11:26 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2017-06-01 23:32 - 2017-02-10 11:26 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2017-06-01 23:32 - 2017-02-10 11:21 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2017-06-01 23:32 - 2017-02-10 11:21 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2017-06-01 23:32 - 2017-02-10 11:21 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2017-06-01 23:31 - 2017-06-01 23:31 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0 2017-06-01 23:27 - 2017-06-01 23:27 - 000000000 ____D C:\Users\tljag\AppData\LocalLow\Temp 2017-06-01 23:26 - 2017-06-01 23:26 - 000000000 ____D C:\Windows\Intuit 2017-06-01 22:47 - 2017-06-01 22:49 - 000000000 ____D C:\Users\tljag\Downloads\GreenTechHP 2017-06-01 21:08 - 2017-06-01 21:12 - 066122960 _____ C:\Users\tljag\Downloads\C.zip 2017-06-01 19:23 - 2017-06-01 19:23 - 000000000 ____D C:\Users\tljag\Downloads\Hirens.BootCD.15.2 2017-06-01 19:11 - 2017-06-01 19:11 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2017-06-01 19:08 - 2017-06-01 19:21 - 621283886 _____ C:\Users\tljag\Downloads\Hirens.BootCD.15.2.zip 2017-06-01 13:51 - 2017-06-01 13:51 - 000000000 ____D C:\Users\tljag\Downloads\temp 2017-06-01 13:43 - 2017-08-20 20:44 - 000000000 ____D C:\Users\tljag\AppData\Roaming\qBittorrent 2017-06-01 13:43 - 2017-06-01 13:43 - 000000000 ____D C:\Users\tljag\AppData\Local\qBittorrent 2017-06-01 13:42 - 2017-06-01 13:59 - 1589986625 _____ C:\Users\tljag\Downloads\GreenTechHP.zip 2017-06-01 13:41 - 2017-06-01 13:42 - 006949062 _____ C:\Users\tljag\Downloads\qBittorrent.zip 2017-06-01 13:33 - 2017-06-01 13:33 - 000001112 ____N C:\Users\Public\Desktop\qBittorrent.lnk 2017-06-01 13:33 - 2017-06-01 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2017-06-01 13:33 - 2017-06-01 13:33 - 000000000 ____D C:\Program Files (x86)\qBittorrent 2017-06-01 13:16 - 2017-07-31 11:15 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-06-01 13:16 - 2017-07-31 11:15 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-01 12:58 - 2017-06-02 11:26 - 000000096 _____ C:\Users\tljag\Desktop\keys.txt 2017-06-01 10:31 - 2017-06-01 10:31 - 016846965 _____ (The qBittorrent project) C:\Users\tljag\Downloads\qbittorrent_3.3.12_setup.exe 2017-06-01 10:30 - 2017-06-01 10:30 - 000000000 ____D C:\Users\tljag\AppData\Local\PeerDistRepub 2017-06-01 10:29 - 2017-06-01 10:29 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access 2017-06-01 10:29 - 2017-06-01 10:29 - 000000000 ____D C:\Users\tljag\AppData\Local\Private Internet Access 2017-06-01 10:29 - 2017-06-01 10:29 - 000000000 ____D C:\Users\tljag\AppData\Local\Crashpad 2017-06-01 10:28 - 2017-08-22 05:32 - 000000000 ____D C:\Program Files\pia_manager 2017-06-01 10:28 - 2017-06-01 10:28 - 065318466 _____ C:\Users\tljag\Downloads\pia-v70-installer-win.exe 2017-06-01 10:28 - 2017-06-01 10:28 - 000027136 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys 2017-06-01 10:01 - 2017-08-18 02:31 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2017-06-01 10:00 - 2017-08-09 22:41 - 000000000 ____D C:\Windows\system32\MRT 2017-06-01 10:00 - 2017-08-09 22:39 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-06-01 09:58 - 2017-08-20 18:49 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-06-01 09:58 - 2017-07-08 22:50 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys 2017-06-01 09:58 - 2017-06-15 18:19 - 000093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2017-06-01 09:58 - 2017-06-13 21:14 - 000113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2017-06-01 09:58 - 2017-06-13 21:14 - 000044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2017-06-01 09:58 - 2017-06-01 09:58 - 000188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2017-06-01 09:58 - 2017-06-01 09:58 - 000001912 ____N C:\Users\Public\Desktop\Malwarebytes.lnk 2017-06-01 09:58 - 2017-06-01 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-06-01 09:58 - 2017-06-01 09:58 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-06-01 09:58 - 2017-06-01 09:58 - 000000000 ____D C:\Program Files\Malwarebytes 2017-06-01 09:58 - 2017-04-27 21:08 - 002330520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2017-06-01 09:58 - 2017-04-27 20:57 - 003116184 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2017-06-01 09:58 - 2017-04-27 19:57 - 001803264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-06-01 09:58 - 2017-04-19 02:11 - 004446208 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll 2017-06-01 09:58 - 2017-04-19 02:10 - 004175872 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll 2017-06-01 09:58 - 2017-04-19 02:10 - 002765824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-06-01 09:58 - 2017-04-13 20:32 - 001320352 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll 2017-06-01 09:58 - 2017-04-13 19:39 - 000974848 _____ (Microsoft Corporation) C:\Windows\system32\mmgaserver.exe 2017-06-01 09:58 - 2017-04-13 19:35 - 001433600 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll 2017-06-01 09:58 - 2017-04-13 19:33 - 001269760 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll 2017-06-01 09:58 - 2017-04-13 19:29 - 001583616 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-06-01 09:58 - 2017-04-13 19:29 - 001295872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll 2017-06-01 09:58 - 2017-04-13 19:28 - 002443776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2017-06-01 09:58 - 2017-04-13 19:26 - 001257472 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll 2017-06-01 09:58 - 2017-04-13 19:24 - 001628160 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2017-06-01 09:58 - 2017-04-13 19:18 - 000731136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmgaserver.exe 2017-06-01 09:58 - 2017-04-13 19:08 - 001463296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-06-01 09:58 - 2017-03-31 20:51 - 001760264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2017-06-01 09:58 - 2017-03-31 20:29 - 001518088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2017-06-01 09:58 - 2017-03-31 19:58 - 001506816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2017-06-01 09:58 - 2017-03-31 19:50 - 001605632 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2017-06-01 09:57 - 2017-08-22 08:07 - 000000000 ____D C:\Users\tljag\AppData\LocalLow\Mozilla 2017-06-01 09:57 - 2017-07-08 22:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-06-01 09:57 - 2017-06-26 00:32 - 000002028 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk 2017-06-01 09:57 - 2017-06-26 00:32 - 000002016 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk 2017-06-01 09:57 - 2017-06-01 10:01 - 000000000 ____D C:\Users\tljag\AppData\Local\Mozilla 2017-06-01 09:57 - 2017-06-01 09:57 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Mozilla 2017-06-01 09:57 - 2017-04-27 21:19 - 001839872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2017-06-01 09:57 - 2017-04-27 21:16 - 000599576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2017-06-01 09:57 - 2017-04-27 21:11 - 002158544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-06-01 09:57 - 2017-04-27 21:09 - 001557288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2017-06-01 09:57 - 2017-04-27 21:08 - 002399728 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2017-06-01 09:57 - 2017-04-27 21:07 - 000988168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2017-06-01 09:57 - 2017-04-27 21:06 - 000708712 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2017-06-01 09:57 - 2017-04-27 21:03 - 000667040 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2017-06-01 09:57 - 2017-04-27 20:59 - 002635336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-06-01 09:57 - 2017-04-27 20:59 - 000388000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS 2017-06-01 09:57 - 2017-04-27 20:58 - 001852776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2017-06-01 09:57 - 2017-04-27 20:55 - 001325456 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2017-06-01 09:57 - 2017-04-27 20:52 - 000790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll 2017-06-01 09:57 - 2017-04-27 20:40 - 000799232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll 2017-06-01 09:57 - 2017-04-27 20:37 - 001626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-06-01 09:57 - 2017-04-27 20:15 - 001051648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll 2017-06-01 09:57 - 2017-04-27 20:06 - 001302528 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll 2017-06-01 09:57 - 2017-04-27 20:03 - 001085440 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2017-06-01 09:57 - 2017-04-27 20:03 - 000751104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-06-01 09:57 - 2017-04-27 19:59 - 003307008 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-06-01 09:57 - 2017-04-27 19:58 - 001054208 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll 2017-06-01 09:57 - 2017-04-27 19:54 - 000985600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2017-06-01 09:57 - 2017-04-27 19:54 - 000722944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-06-01 09:57 - 2017-04-27 19:54 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-06-01 09:57 - 2017-04-19 03:06 - 000651680 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe 2017-06-01 09:57 - 2017-04-19 03:04 - 000142240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys 2017-06-01 09:57 - 2017-04-19 03:02 - 000716440 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll 2017-06-01 09:57 - 2017-04-19 02:18 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netvsc.sys 2017-06-01 09:57 - 2017-04-19 02:15 - 000232960 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll 2017-06-01 09:57 - 2017-04-19 02:14 - 000646656 _____ (Microsoft Corporation) C:\Windows\system32\LockHostingFramework.dll 2017-06-01 09:57 - 2017-04-19 02:12 - 000203776 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll 2017-06-01 09:57 - 2017-04-19 02:10 - 001600512 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2017-06-01 09:57 - 2017-04-19 02:07 - 001242624 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll 2017-06-01 09:57 - 2017-04-19 02:07 - 000707072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2017-06-01 09:57 - 2017-04-19 02:02 - 000559000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe 2017-06-01 09:57 - 2017-04-19 01:59 - 001087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll 2017-06-01 09:57 - 2017-04-19 01:34 - 000175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll 2017-06-01 09:57 - 2017-04-19 01:32 - 001285120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2017-06-01 09:57 - 2017-04-13 20:35 - 000741784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll 2017-06-01 09:57 - 2017-04-13 20:35 - 000673112 _____ (Microsoft Corporation) C:\Windows\system32\AppResolver.dll 2017-06-01 09:57 - 2017-04-13 20:33 - 002085280 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll 2017-06-01 09:57 - 2017-04-13 20:30 - 000105456 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2017-06-01 09:57 - 2017-04-13 19:43 - 000523296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppResolver.dll 2017-06-01 09:57 - 2017-04-13 19:40 - 000095584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2017-06-01 09:57 - 2017-04-13 19:39 - 000334336 _____ (Microsoft Corporation) C:\Windows\system32\wc_storage.dll 2017-06-01 09:57 - 2017-04-13 19:39 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll 2017-06-01 09:57 - 2017-04-13 19:38 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.AppDefaults.dll 2017-06-01 09:57 - 2017-04-13 19:37 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe 2017-06-01 09:57 - 2017-04-13 19:37 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll 2017-06-01 09:57 - 2017-04-13 19:37 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll 2017-06-01 09:57 - 2017-04-13 19:36 - 000296448 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll 2017-06-01 09:57 - 2017-04-13 19:35 - 000510976 _____ (Microsoft Corporation) C:\Windows\system32\TDLMigration.dll 2017-06-01 09:57 - 2017-04-13 19:33 - 000864256 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll 2017-06-01 09:57 - 2017-04-13 19:31 - 001611776 _____ (Microsoft Corporation) C:\Windows\system32\SpeechPal.dll 2017-06-01 09:57 - 2017-04-13 19:31 - 000673280 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll 2017-06-01 09:57 - 2017-04-13 19:29 - 000840192 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2017-06-01 09:57 - 2017-04-13 19:29 - 000647168 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll 2017-06-01 09:57 - 2017-04-13 19:21 - 000078848 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll 2017-06-01 09:57 - 2017-04-13 19:15 - 000282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll 2017-06-01 09:57 - 2017-04-13 19:04 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll 2017-06-01 09:57 - 2017-04-13 19:01 - 000057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll 2017-06-01 09:57 - 2017-03-31 20:52 - 000409504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2017-06-01 09:57 - 2017-03-31 20:28 - 000354360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2017-06-01 09:57 - 2017-03-31 20:04 - 000364032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll 2017-06-01 09:57 - 2017-03-31 19:58 - 000433664 _____ (Microsoft Corporation) C:\Windows\system32\msIso.dll 2017-06-01 09:56 - 2017-08-21 08:41 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2017-06-01 09:56 - 2017-08-14 04:22 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk 2017-06-01 09:56 - 2017-08-14 04:22 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk 2017-06-01 09:56 - 2017-06-01 09:56 - 000000000 ____D C:\Users\tljag\AppData\Roaming\TeamViewer 2017-06-01 09:56 - 2017-04-27 20:59 - 000027040 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe 2017-06-01 09:56 - 2017-04-27 20:49 - 000072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2017-06-01 09:56 - 2017-04-27 20:46 - 000329728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll 2017-06-01 09:56 - 2017-04-27 20:46 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-06-01 09:56 - 2017-04-27 20:45 - 000124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2017-06-01 09:56 - 2017-04-27 20:44 - 000338432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-06-01 09:56 - 2017-04-27 20:44 - 000266240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-06-01 09:56 - 2017-04-27 20:42 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-06-01 09:56 - 2017-04-27 20:40 - 002008576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-06-01 09:56 - 2017-04-27 20:39 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-06-01 09:56 - 2017-04-27 20:34 - 000891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe 2017-06-01 09:56 - 2017-04-27 20:11 - 000082944 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2017-06-01 09:56 - 2017-04-27 20:09 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-06-01 09:56 - 2017-04-27 20:08 - 000457728 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll 2017-06-01 09:56 - 2017-04-27 20:08 - 000314880 _____ (Microsoft Corporation) C:\Windows\system32\SettingsEnvironment.Desktop.dll 2017-06-01 09:56 - 2017-04-27 20:08 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-06-01 09:56 - 2017-04-27 20:07 - 000140288 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2017-06-01 09:56 - 2017-04-27 20:06 - 000386560 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-06-01 09:56 - 2017-04-27 20:06 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-06-01 09:56 - 2017-04-27 20:05 - 000224256 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-06-01 09:56 - 2017-04-27 20:04 - 000422400 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll 2017-06-01 09:56 - 2017-04-27 20:01 - 002077184 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-06-01 09:56 - 2017-04-27 19:54 - 000970240 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe 2017-06-01 09:56 - 2017-04-27 19:52 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.ps.dll 2017-06-01 09:56 - 2017-04-19 02:16 - 000280064 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll 2017-06-01 09:56 - 2017-04-19 02:01 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\catsrvps.dll 2017-06-01 09:56 - 2017-04-19 01:37 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll 2017-06-01 09:56 - 2017-04-13 19:41 - 000164864 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll 2017-06-01 09:56 - 2017-04-13 19:38 - 000251904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Preview.dll 2017-06-01 09:56 - 2017-04-13 19:37 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\NotificationObjFactory.dll 2017-06-01 09:56 - 2017-04-13 19:36 - 000524800 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll 2017-06-01 09:56 - 2017-04-13 19:35 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-06-01 09:56 - 2017-04-13 19:34 - 000406528 _____ (Microsoft Corporation) C:\Windows\system32\InputSwitch.dll 2017-06-01 09:56 - 2017-04-13 19:25 - 000750080 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll 2017-06-01 09:56 - 2017-04-13 19:15 - 000232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll 2017-06-01 09:56 - 2017-04-13 19:13 - 000354304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputSwitch.dll 2017-06-01 09:56 - 2017-04-13 19:13 - 000232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-06-01 09:56 - 2017-04-13 19:06 - 000987648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll 2017-06-01 09:56 - 2017-03-31 20:02 - 000252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsDocumentTargetPrint.dll 2017-06-01 09:56 - 2017-03-31 20:01 - 000429568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2017-06-01 09:56 - 2017-03-31 19:56 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2017-06-01 09:56 - 2017-03-31 19:55 - 000545792 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2017-06-01 09:56 - 2017-03-31 19:55 - 000347136 _____ (Microsoft Corporation) C:\Windows\system32\XpsDocumentTargetPrint.dll 2017-06-01 09:56 - 2017-03-31 19:52 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll 2017-06-01 09:56 - 2017-03-31 19:52 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2017-06-01 09:56 - 2017-03-31 19:50 - 001657344 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2017-06-01 09:56 - 2017-03-31 19:45 - 000091648 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll 2017-06-01 09:56 - 2017-03-31 19:44 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2017-06-01 09:56 - 2017-03-31 17:00 - 000032004 _____ C:\Windows\system32\edgehtmlpluginpolicy.bin 2017-06-01 09:51 - 2017-06-01 09:55 - 000000000 ____D C:\Users\tljag\AppData\Local\MicrosoftEdge 2017-06-01 09:51 - 2017-06-01 09:51 - 000000000 ____D C:\Users\tljag\AppData\Local\DBG 2017-06-01 03:31 - 2017-08-20 21:18 - 000000000 ____D C:\Windows\Panther 2017-06-01 02:37 - 2017-06-01 02:37 - 000000000 _SHDL C:\Documents and Settings 2017-06-01 02:33 - 2017-06-01 02:33 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2017-06-01 02:32 - 2017-08-22 08:07 - 000409520 _____ C:\Windows\system32\FNTCACHE.DAT 2017-06-01 02:32 - 2017-08-22 08:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-06-01 02:32 - 2017-08-21 22:12 - 000000000 ____D C:\Windows\system32\SleepStudy 2017-06-01 02:32 - 2017-06-01 02:32 - 000000000 ____D C:\Windows\ServiceProfiles 2017-05-31 23:50 - 2017-08-22 08:05 - 000000000 ___RD C:\Users\tljag\OneDrive 2017-05-31 23:50 - 2017-07-26 23:54 - 000002363 _____ C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-05-31 23:49 - 2017-06-01 06:36 - 000000000 ____D C:\Users\tljag\AppData\Local\Comms 2017-05-31 23:48 - 2017-05-31 23:48 - 000000000 ____D C:\Users\tljag\AppData\Roaming\ATI 2017-05-31 23:48 - 2017-05-31 23:48 - 000000000 ____D C:\Users\tljag\AppData\Local\ATI 2017-05-31 23:48 - 2017-05-31 23:48 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-05-31 23:48 - 2017-05-31 23:48 - 000000000 ____D C:\ProgramData\ATI 2017-05-31 23:47 - 2017-08-20 20:34 - 000000000 ____D C:\Users\tljag\AppData\Local\Packages 2017-05-31 23:47 - 2017-06-13 21:17 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-05-31 23:47 - 2017-06-02 18:41 - 000000000 ____D C:\Users\tljag\AppData\Roaming\Adobe 2017-05-31 23:47 - 2017-05-31 23:48 - 000000000 ____D C:\Users\tljag\AppData\Local\ConnectedDevicesPlatform 2017-05-31 23:47 - 2017-05-31 23:47 - 000000000 ____D C:\Users\tljag\AppData\Local\VirtualStore 2017-05-31 23:47 - 2017-05-31 23:47 - 000000000 ____D C:\Users\tljag\AppData\Local\TileDataLayer 2017-05-31 23:47 - 2017-05-31 23:47 - 000000000 ____D C:\Users\tljag\AppData\Local\Publishers 2017-05-31 23:46 - 2017-08-21 22:37 - 000000000 ____D C:\Users\tljag 2017-05-31 23:46 - 2017-05-31 23:46 - 000000020 ___SH C:\Users\tljag\ntuser.ini 2017-05-31 23:20 - 2017-05-31 23:20 - 000000000 ____D C:\ProgramData\Package Cache 2017-05-31 23:20 - 2017-05-31 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2017-05-31 23:20 - 2017-05-31 23:20 - 000000000 ____D C:\Program Files\ATI Technologies 2017-05-31 23:20 - 2017-05-31 23:20 - 000000000 ____D C:\Program Files (x86)\ATI Technologies 2017-05-31 23:19 - 2017-05-31 23:19 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies 2017-05-31 23:19 - 2017-05-31 23:19 - 000000000 ____D C:\Program Files\AMD 2017-05-31 23:19 - 2017-05-31 23:19 - 000000000 ____D C:\AMD 2017-05-31 23:19 - 2017-05-31 23:19 - 000000000 _____ C:\Windows\ativpsrm.bin 2017-05-31 22:47 - 2017-05-31 22:47 - 000000000 ____D C:\ProgramData\USOShared 2017-05-31 22:41 - 2017-06-13 21:21 - 001031406 _____ C:\Windows\system32\PerfStringBackup.INI 2017-05-31 22:39 - 2017-05-31 22:39 - 000000000 ____D C:\Windows\CSC 2017-05-31 22:39 - 2017-03-18 16:56 - 002233344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-08-22 08:05 - 2017-03-18 07:40 - 017301504 _____ C:\Windows\system32\config\HARDWARE 2017-08-22 08:05 - 2017-03-18 07:40 - 001310720 _____ C:\Windows\system32\config\BBI 2017-08-22 07:50 - 2017-03-18 17:01 - 000000000 ____D C:\Windows\INF 2017-08-21 08:54 - 2017-03-18 17:03 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy 2017-08-21 08:54 - 2017-03-18 17:03 - 000000000 ____D C:\Windows\system32\GroupPolicy 2017-08-21 02:52 - 2017-03-18 16:51 - 000000000 ____D C:\Windows\CbsTemp 2017-08-20 20:49 - 2017-03-18 17:03 - 000000000 ____D C:\Windows\AppReadiness 2017-08-20 20:34 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-08-20 18:38 - 2017-03-18 17:03 - 000000000 ____D C:\Windows\registration ==================== Files in the root of some directories ======= 2017-08-22 07:41 - 2017-07-11 12:36 - 004784320 _____ (COMODO) C:\ProgramData\cisB710.exe 2017-08-22 07:41 - 2017-07-11 12:41 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll Files to move or delete: ==================== C:\ProgramData\cisB710.exe C:\ProgramData\cmdres.dll Some files in TEMP: ==================== 2017-06-02 09:15 - 2017-06-02 09:15 - 000298288 _____ (iAnywhere Solutions, Inc.) C:\Users\tljag\AppData\Local\Temp\dbfhide.exe 2017-06-02 09:15 - 2017-06-02 09:15 - 000856880 _____ (iAnywhere Solutions, Inc.) C:\Users\tljag\AppData\Local\Temp\dblgen11.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000772912 _____ (iAnywhere Solutions, Inc.) C:\Users\tljag\AppData\Local\Temp\dblib11.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 001249072 _____ (iAnywhere Solutions, Inc.) C:\Users\tljag\AppData\Local\Temp\dbtool11.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000008704 _____ () C:\Users\tljag\AppData\Local\Temp\FsdRegistration.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000149008 _____ (Intuit Inc.) C:\Users\tljag\AppData\Local\Temp\GDSBLMgr.dll 2017-06-01 23:34 - 2017-06-02 09:15 - 000464896 _____ (Intuit) C:\Users\tljag\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll 2017-07-29 09:29 - 2017-07-29 09:29 - 000740416 _____ (Oracle Corporation) C:\Users\tljag\AppData\Local\Temp\jre-8u144-windows-au.exe 2017-06-02 09:15 - 2017-06-02 09:15 - 000572928 _____ (Microsoft Corporation) C:\Users\tljag\AppData\Local\Temp\msvcp90.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000655872 _____ (Microsoft Corporation) C:\Users\tljag\AppData\Local\Temp\msvcr90.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000029512 _____ (Intuit Inc.) C:\Users\tljag\AppData\Local\Temp\QBFirwal.dll 2017-06-01 23:34 - 2017-06-02 09:15 - 000624968 _____ (Intuit Inc.) C:\Users\tljag\AppData\Local\Temp\qbinstal.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000031048 _____ () C:\Users\tljag\AppData\Local\Temp\QBNGEN.dll 2017-06-28 20:16 - 2017-06-28 20:16 - 009623832 _____ (Samsung Electronics Co., Ltd.) C:\Users\tljag\AppData\Local\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe 2017-06-02 09:15 - 2017-06-02 09:15 - 000015160 _____ (Intuit Inc.) C:\Users\tljag\AppData\Local\Temp\SMUnInstaller.dll 2017-06-01 23:34 - 2017-06-02 09:15 - 000643072 _____ (STLport Consulting, Inc.) C:\Users\tljag\AppData\Local\Temp\stlport_r50.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000479560 _____ (Intuit Inc.) C:\Users\tljag\AppData\Local\Temp\StopQBServer.dll 2017-06-02 09:15 - 2017-06-02 09:15 - 000314184 _____ (Intuit Inc.) C:\Users\tljag\AppData\Local\Temp\UtilDBSetup.dll 2017-08-21 08:50 - 2017-08-21 08:50 - 058122072 _____ (Panda Security, S.L.) C:\Users\tljag\AppData\Local\Temp\{4210366F-9CC7-45BF-972F-AC5343E8508C}.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {23d777c4-469b-11e7-8949-b1841a9ad0af} {23d777c5-469b-11e7-8949-b1841a9ad0af} {23d777cb-469b-11e7-8949-b1841a9ad0af} {23d777cc-469b-11e7-8949-b1841a9ad0af} {23d777c3-469b-11e7-8949-b1841a9ad0af} {23d777c6-469b-11e7-8949-b1841a9ad0af} timeout 0 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale en-US inherit {globalsettings} default {current} resumeobject {23d777c7-469b-11e7-8949-b1841a9ad0af} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmware Application (101fffff) ------------------------------- identifier {23d777c3-469b-11e7-8949-b1841a9ad0af} description USB Floppy/CD Firmware Application (101fffff) ------------------------------- identifier {23d777c4-469b-11e7-8949-b1841a9ad0af} description USB Floppy/CD Firmware Application (101fffff) ------------------------------- identifier {23d777c5-469b-11e7-8949-b1841a9ad0af} device unknown description 1100 Firmware Application (101fffff) ------------------------------- identifier {23d777c6-469b-11e7-8949-b1841a9ad0af} description Hard Drive Firmware Application (101fffff) ------------------------------- identifier {23d777cb-469b-11e7-8949-b1841a9ad0af} description USB Hard Drive Firmware Application (101fffff) ------------------------------- identifier {23d777cc-469b-11e7-8949-b1841a9ad0af} description CD/DVD Drive Windows Boot Loader ------------------- identifier {current} device partition=C: path \Windows\system32\winload.efi description Windows 10 locale en-US inherit {bootloadersettings} recoverysequence {23d777c9-469b-11e7-8949-b1841a9ad0af} displaymessageoverride Recovery recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \Windows resumeobject {23d777c7-469b-11e7-8949-b1841a9ad0af} nx OptIn safeboot Network bootmenupolicy Standard Windows Boot Loader ------------------- identifier {23d777c9-469b-11e7-8949-b1841a9ad0af} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{23d777ca-469b-11e7-8949-b1841a9ad0af} path \windows\system32\winload.efi description Windows Recovery Environment locale en-us inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{23d777ca-469b-11e7-8949-b1841a9ad0af} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Resume from Hibernate --------------------- identifier {23d777c7-469b-11e7-8949-b1841a9ad0af} device partition=C: path \Windows\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {23d777c9-469b-11e7-8949-b1841a9ad0af} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Local RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {23d777ca-469b-11e7-8949-b1841a9ad0af} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2017-08-21 04:07 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
TLJaguar Posted August 22, 2017 Author ID:1155881 Share Posted August 22, 2017 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by tljag (22-08-2017 08:11:31) Running from C:\Users\tljag\Downloads Windows 10 Pro Version 1703 (X64) (2017-06-01 02:38:02) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-584086061-3025348732-3442670432-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-584086061-3025348732-3442670432-503 - Limited - Disabled) Guest (S-1-5-21-584086061-3025348732-3442670432-501 - Limited - Disabled) tljag (S-1-5-21-584086061-3025348732-3442670432-1002 - Administrator - Enabled) => C:\Users\tljag ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {0C515E80-E355-69BD-3445-A511E5C186FD} AS: COMODO Advanced Protection (Enabled - Up to date) {B730BF64-C56F-6633-0EF5-9E639E46CC40} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Panda Protection (Disabled - Up to date) {7425ED3D-720F-1F3F-3E50-4C1ACD76499D} FW: COMODO Firewall (Enabled) {346ADFA5-A93A-68E5-1F1A-0C241B12C186} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat 7.0 Professional - English, Français, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V) (Version: 7.0.0 - Adobe Systems) AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version: - TGRMN Software) calibre (HKLM-x32\...\{5B27E69E-F59D-4B62-901F-F6981C826A5A}) (Version: 3.4.0 - Kovid Goyal) Carbonite (HKLM-x32\...\{4D2CAC51-4B1D-4A1A-A592-650C49BF9D3C}) (Version: 6.3.0 build 7063 (May-09-2017) - Carbonite) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.82.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-584086061-3025348732-3442670432-1002\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.) Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access) qBittorrent 3.3.12 (HKLM-x32\...\qBittorrent) (Version: 3.3.12 - The qBittorrent project) QuickBooks (HKLM-x32\...\{1D70AABC-CB59-4700-A708-EA56D1CA07B0}) (Version: 21.0.4014.904 - Intuit Inc.) Hidden QuickBooks Premier Edition 2011 (HKLM-x32\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.) Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.81460 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [2004-12-14] (Adobe Systems Inc.) ContextMenuHandlers1-x32: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility) ContextMenuHandlers1-x32: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ContextMenuHandlers2: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility) ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ContextMenuHandlers4: [BRUMenuHandler] -> {5D924130-4CB1-11DB-B0DE-0800200C9A66} => C:\Program Files\Bulk Rename Utility\BRUhere64.dll [2016-02-04] (Bulk Rename Utility) ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2017-05-10] (Carbonite, Inc.) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0B1A7706-035A-49FA-BD41-8E0555997081} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {15B7A040-C7A5-44E8-A717-389814FE6A98} - System32\Tasks\COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {17F0AE42-BEA2-47EC-8E79-57671C6DFA7A} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {21EE33D7-93F1-4F07-8D92-E299AA43AFA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.) Task: {2C82CF7B-2E19-4897-9B35-994DD6D4D2D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-17] (Google Inc.) Task: {34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} - no filepath Task: {8AAF0137-BA37-44BF-9148-AB085D9D40FE} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {8B72ADDF-0898-4526-A2D5-7D12799DAE68} - no filepath Task: {9526D871-8E08-4188-8EED-752D8505EFA3} - System32\Tasks\EPSON WF-2650 Series Update {68A57124-907B-4DFD-A27B-BB4DFE7CFAE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE [2013-11-22] (SEIKO EPSON CORPORATION) Task: {A1761952-2FE0-4719-B1E1-FFF326C3B76E} - no filepath Task: {B6CE275E-56F8-4511-95DB-86F8C754CB8C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {C523C512-5B98-4030-BE02-07453FB62565} - no filepath Task: {FCBA7017-813E-4F4B-A346-649941E6DC60} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe Task: C:\Windows\Tasks\EPSON WF-2650 Series Update {68A57124-907B-4DFD-A27B-BB4DFE7CFAE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMBE.EXE:/EXE:{68A57124-907B-4DFD-A27B-BB4DFE7CFAE3} /F:UpdateWORKGROUP\DESKTOP-SSGMRCJ$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () ShortcutWithArgument: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ==================== Loaded Modules (Whitelisted) ============== 2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\Windows\SYSTEM32\inputhost.dll 2017-03-18 16:59 - 2017-03-18 22:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" iver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 17:03 - 2017-03-18 17:01 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-584086061-3025348732-3442670432-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 209.18.47.61 - 209.18.47.62 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Adobe Acrobat Speed Launcher.lnk" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "vgarvsl.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{E859DAD7-459A-4AEF-9BFF-FB0D7E5E41C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F727680C-4E2B-4D11-A5D3-5AD95DB714A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{32C20340-141F-410D-9437-F7A10BA3F01E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{1CEA3E2E-E763-495D-A887-0A38201DB498}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{7FD4BCF2-761C-474E-BFC4-7244801D20DD}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{C163EC7C-F67C-4537-83A5-B8B2DD00414A}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{A20BC1E1-0B0D-41E9-8E52-2959B72F9861}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{391BAC64-7971-47E6-B42D-2CB228848845}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D2B2EF7E-C05A-4F1A-AC5D-0EFF64EAE82D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{60D1EB57-A5F5-435D-89D6-0E6876A4EC08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0A6D96ED-1BBD-460C-8C8A-C5A0ADF2E4A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-08-2017 13:26:28 Windows Update ==================== Faulty Device Manager Devices ============= Name: Microsoft PS/2 Mouse Description: Microsoft PS/2 Mouse Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: PCI Serial Port Description: PCI Serial Port Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (08/22/2017 07:49:48 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:48:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service COMODO Virtual Service Manager since OpenService API failed System Error: The specified service does not exist as an installed service. . Error: (08/22/2017 07:48:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image of service COMODO Internet Security Helper Service since OpenService API failed System Error: The specified service does not exist as an installed service. . Error: (08/22/2017 07:48:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary COMODO Internet Security Eradication Driver. System Error: The system cannot find the file specified. . Error: (08/22/2017 07:41:57 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:39:45 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:38:14 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:35:35 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. . Operation: Executing Asynchronous Operation Context: Current State: DoSnapshotSet Error: (08/22/2017 07:34:03 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {fd01dd13-c835-4678-be28-decdec00e60c} Error: (08/22/2017 07:00:50 AM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance Handle System errors: ============= Error: (08/22/2017 08:12:19 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error: (08/22/2017 08:12:13 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} Error: (08/22/2017 08:12:08 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-SSGMRCJ) Description: DCOM got error "1084" attempting to start the service CarboniteService with arguments "Unavailable" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666} CodeIntegrity: =================================== Date: 2017-08-22 07:41:44.075 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:36:38.694 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:03:51.689 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:02:40.048 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:02:40.044 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 07:00:48.647 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 06:55:33.601 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 06:53:46.981 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 06:36:11.267 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-08-22 05:57:49.634 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz Percentage of memory in use: 8% Total physical RAM: 20438.06 MB Available physical RAM: 18771.06 MB Total Virtual: 21718.06 MB Available Virtual: 20198.6 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.33 GB) (Free:110.45 GB) NTFS Drive d: (seagate) (Fixed) (Total:2794.39 GB) (Free:1853.41 GB) NTFS Drive e: (GRIMM) (CDROM) (Total:6.64 GB) (Free:0 GB) UDF Drive k: () (Removable) (Total:3.74 GB) (Free:3.56 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: ADC9667E) Partition: GPT. ======================================================== Disk: 1 (Size: 2794.5 GB) (Disk ID: 4C2B0944) Partition: GPT. ======================================================== Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Valinorum Posted August 25, 2017 ID:1156913 Share Posted August 25, 2017 Step # Scan with Farbar Recovery Scan ToolPrerequisites:A flash-drive with at least 1GB storage.First Part:Download Farbar Recovery Scan Tool(FRST) by Farbar to your Desktop of the clean PC.Download link for 32-bit system.Download link for 64-bit system. Download the attached fixlist.txt. Plug the flash-drive into the clean PC; Copy the correct version of FRST and the fixlist.txt to the flash-drive Second Part:Connect the flash-drive to the infected PC; Restart your PC; As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appear; Use the arrow keys to select Repair your computer; From the language setting choose US and click Next; Select the operating system you want repair and click Next; Select your user-account and click Next; You will enter into the System Recovery and will be presented the following options --Startup Repair System Restore Windows Complete PC Restore Windows Memory Diagnostic Tool Command Prompt Select Command Prompt Third Part:In the Command Prompt window type notepad and press Enter; When the Notepad opens, go to File>Open>My Computer and take a mental note of the flash-drive letter; In the Command Prompt window type e:\frst.exe(for 64-bit system type e:\frst64.exe) Note: Replace e with the drive letter of your flash-drive When the program starts, click on Fix; A log named fixlog.txt will be created after the scan and will be saved in your flash-drive; Copy and Paste the contents of the log in your next reply fixlist.txt Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156938 Share Posted August 25, 2017 F8 didn't get me to advanced boot options. As is booted and i was tapping f8 Some message flashed on the screen to fast to read, then windows loaded normally. I'll try again Link to post Share on other sites More sharing options...
Valinorum Posted August 25, 2017 ID:1156943 Share Posted August 25, 2017 Kindly follow the following article: https://support.microsoft.com/en-us/help/4026206/windows-get-to-safe-mode-and-other-startup-settings-in-windows-10 Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156951 Share Posted August 25, 2017 I followed those steps and computer still boots straight into Windows normally Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156953 Share Posted August 25, 2017 (edited) I've tried f8, shift+f8,windowsbuton+f8, shift+restart and the steps in the link you set and every time windows boots normally Edited August 25, 2017 by TLJaguar still cannot get to advanced boot options or cmd prompt Link to post Share on other sites More sharing options...
Valinorum Posted August 25, 2017 ID:1156956 Share Posted August 25, 2017 Choose No until we are sure what it is. Step # Fix with FRST Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop. Open Notepad.exe. Do not use any other text editor software; Copy and Paste the contents inside the code-box to your Notepad --Start CloseProcesses: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End Click on File > Save as...Inside the File Name box type fixlist.txt; From the Save as type drop down list, choose All Files Save the file to your Desktop; Re-run FRST.exe and click Fix; Note: If FRST advises there is a new updated version to be downloaded, do so/allow this. After the completion, a log will be produced; Copy and Paste the contents of the log in your next reply. Try activating Advaced Boot Mode now. Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156958 Share Posted August 25, 2017 (edited) Ok,ran frst64 and fixed. below is fixlog.txt. Rebooting now ix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by tljag (25-08-2017 09:21:43) Run:1 Running from C:\Users\tljag\Desktop Loaded Profiles: tljag (Available Profiles: tljag) Boot Mode: Normal ============================================== fixlist content: ***************** Start CloseProcesses: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End ***************** Processes closed successfully. ========= bcdedit.exe /set {bootmgr} displaybootmenu yes ========= The operation completed successfully. ========= End of CMD: ========= ========= bcdedit.exe /set {default} recoveryenabled yes ========= The operation completed successfully. ========= End of CMD: ========= The system needed a reboot. ==== End of Fixlog 09:21:44 ==== Edited August 25, 2017 by TLJaguar Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156962 Share Posted August 25, 2017 (edited) That worked! Here are my options Edited August 25, 2017 by TLJaguar I selected safe mode cmd prompt. Do I run the program from USB drive per your previous instructions? Link to post Share on other sites More sharing options...
Valinorum Posted August 25, 2017 ID:1156966 Share Posted August 25, 2017 Safe Mode with Command Prompt. Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156973 Share Posted August 25, 2017 Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017 Ran by tljag (25-08-2017 09:40:28) Run:3 Running from F:\ Loaded Profiles: tljag (Available Profiles: tljag) Boot Mode: Safe Mode (minimal) ============================================== fixlist content: ***************** Start Task: {34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} - no filepath Task: {8B72ADDF-0898-4526-A2D5-7D12799DAE68} - no filepath Task: {A1761952-2FE0-4719-B1E1-FFF326C3B76E} - no filepath Task: {C523C512-5B98-4030-BE02-07453FB62565} - no filepath Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat () C:\Program Files (x86)\Internet Explorer\iexplore.bat Shortcut: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () Shortcut: C:\Users\Public\Desktop\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat () C:\Program Files (x86)\Mozilla Firefox\firefox.bat ShortcutWithArgument: C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGKjchx0cXe9WEqRXrNdGQlq81%2FkZLkdGcEQ4mGJEIrkvHD4S%2BfLXgzAPD4ryqQ%3D%3D HKLM\...\RunOnce: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => C:\ProgramData\cisB710.exe [4784320 2017-07-11] (COMODO) GroupPolicyScripts: Restriction <==== ATTENTION GroupPolicyScripts-x32: Restriction <==== ATTENTION HKU\S-1-5-21-584086061-3025348732-3442670432-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://rotary.vsgdover.com/ FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\7300156.js [2017-08-20] <==== ATTENTION (Points to *.cfg file) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\7300156.cfg [2017-08-20] <==== ATTENTION S2 windowsmanagementservice; C:\Users\tljag\AppData\Local\qhneoz\lclhgr\ct.exe [535552 2017-08-08] () [File not signed] <==== ATTENTION C:\Users\tljag\AppData\Local\qhneoz 2017-08-21 17:00 - 2017-08-21 16:34 - 000380928 _____ C:\Users\tljag\Desktop\yxm9r0dv.exe 2017-08-21 16:04 - 2017-08-22 07:38 - 000000000 ____D C:\Program Files\Reimage 2017-08-21 16:02 - 2017-08-22 08:06 - 000081696 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\msidntfs.sys 2017-08-20 20:43 - 2017-08-21 13:09 - 000000000 ____D C:\Users\tljag\AppData\Local\llssoft 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Windows\system32\vmanrty 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Users\tljag\AppData\Roaming\et 2017-08-20 20:38 - 2017-08-20 20:38 - 000000000 ____D C:\Users\tljag\AppData\Local\qhneoz End ***************** HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34A57F15-8DFF-42D3-BDEC-2F3C39962E5C} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B72ADDF-0898-4526-A2D5-7D12799DAE68} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B72ADDF-0898-4526-A2D5-7D12799DAE68} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1761952-2FE0-4719-B1E1-FFF326C3B76E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1761952-2FE0-4719-B1E1-FFF326C3B76E} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C523C512-5B98-4030-BE02-07453FB62565} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C523C512-5B98-4030-BE02-07453FB62565} => key removed successfully C:\Windows\Tasks\ReimageUpdater.job => not found. "C:\Users\tljag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Could not move. "C:\Program Files (x86)\Internet Explorer\iexplore.bat" => not found. "C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk" => Could not move. "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => Could not move. "C:\Users\Public\Desktop\??zill? Fir?f??.lnk" => Could not move. "C:\Program Files (x86)\Mozilla Firefox\firefox.bat" => not found. C:\Users\tljag\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => not found. C:\Users\Public\Desktop\Google Chrome.lnk => not found. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value not found. C:\Windows\system32\GroupPolicy\Machine => moved successfully C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully HKU\S-1-5-21-584086061-3025348732-3442670432-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully "C:\Program Files (x86)\mozilla firefox\defaults\pref\7300156.js" => not found. "C:\Program Files (x86)\mozilla firefox\7300156.cfg" => not found. HKLM\System\CurrentControlSet\Services\windowsmanagementservice => key removed successfully windowsmanagementservice => service removed successfully C:\Users\tljag\AppData\Local\qhneoz => moved successfully "C:\Users\tljag\Desktop\yxm9r0dv.exe" => not found. "C:\Program Files\Reimage" => not found. "C:\Windows\system32\Drivers\msidntfs.sys" => not found. "C:\Users\tljag\AppData\Local\llssoft" folder move: Could not move "C:\Users\tljag\AppData\Local\llssoft" => Scheduled to move on reboot. "C:\Windows\system32\vmanrty" folder move: Could not move "C:\Windows\system32\vmanrty" => Scheduled to move on reboot. C:\Users\tljag\AppData\Roaming\et => moved successfully "C:\Users\tljag\AppData\Local\qhneoz" => not found. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-08-2017 09:46:11) "C:\Users\tljag\AppData\Local\llssoft" => Could not move "C:\Windows\system32\vmanrty" => Could not move ==== End of Fixlog 09:46:39 ==== Link to post Share on other sites More sharing options...
Valinorum Posted August 25, 2017 ID:1156976 Share Posted August 25, 2017 Strange, you didn't enter into Recovery Mode. Can you try to enter the recovery mode and apply the fix again? I gave the recovery mode link in my earlier reply. Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156980 Share Posted August 25, 2017 I followed to see steps and it boots to this screen. F8 takes me back to the blue screen menu Link to post Share on other sites More sharing options...
Valinorum Posted August 25, 2017 ID:1156985 Share Posted August 25, 2017 Can you try running MBAR now? From the link, I provided earlier. If it fails to run, there should be an MBAR.cmd file. Try to run that too. Link to post Share on other sites More sharing options...
TLJaguar Posted August 25, 2017 Author ID:1156986 Share Posted August 25, 2017 In normal boot or safemode? Link to post Share on other sites More sharing options...
Recommended Posts