(X) H Key User detected when running Rogue Killer


  • This topic is locked
18 replies to this topic

#1 fred04

  • Members
  • 44 posts

Posted 12 July 2016 - 07:52 AM

Detected (X) H Key_Users \ S-1-5-19 when running Rogue Killer. Could not remove when running Rogue Killer and Adware Cleaner.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
Ran by Mark (administrator) on MARK (11-07-2016 23:14:56)
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe
(Toshiba America Information Systems.) C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\Mark\Downloads\RogueKiller (9).exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-08-19] (SRS Labs, Inc.)
HKLM\...\Run: [TosPU] => C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright © TOSHIBA Corp. 2012)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2962232 2012-10-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-20] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1060047164-1608092819-1536100025-1001\...\Run: [HP Photosmart Plus B210 series (NET)] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-07-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-07-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-07-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-07-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-07-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-07-06] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0ae0938b-64bd-4d86-9ffa-ab33d86649e2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{608c92cf-429b-459c-8984-b471e78d72df}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1060047164-1608092819-1536100025-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-1060047164-1608092819-1536100025-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-1060047164-1608092819-1536100025-1001 -> DefaultScope {46A0517F-B4DC-43C1-87C2-3C5150C690C8} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1060047164-1608092819-1536100025-1001: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2016-07-11] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1060047164-1608092819-1536100025-1001: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2016-07-11] (TD Ameritrade)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-08-07] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2196120 2012-08-03] (Toshiba America Information Systems.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [272016 2012-08-07] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-18] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-11] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.017\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.017\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 23:14 - 2016-07-11 23:15 - 00014018 _____ C:\Users\Mark\Desktop\FRST.txt
2016-07-11 22:54 - 2016-07-11 23:14 - 00000000 ____D C:\FRST
2016-07-11 22:53 - 2016-07-11 22:54 - 02390528 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2016-07-11 22:52 - 2016-07-11 22:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill (1).exe
2016-07-11 22:51 - 2016-07-11 22:51 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (9).exe
2016-07-11 22:43 - 2016-07-11 22:44 - 20201032 _____ C:\Users\Mark\Downloads\RogueKiller (9).exe
2016-07-11 22:36 - 2016-07-11 22:36 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (8).exe
2016-07-11 22:26 - 2016-07-11 22:26 - 20201032 _____ C:\Users\Mark\Downloads\RogueKiller (8).exe
2016-07-11 22:19 - 2016-07-11 22:19 - 00000146 _____ C:\Users\Mark\Desktop\Windows Defender - Shortcut.lnk
2016-07-11 22:14 - 2016-07-11 22:14 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (7).exe
2016-07-11 22:08 - 2016-07-11 22:08 - 20201032 _____ C:\Users\Mark\Downloads\RogueKiller (7).exe
2016-07-11 22:01 - 2016-07-11 22:53 - 00001998 _____ C:\Users\Mark\Desktop\Rkill.txt
2016-07-11 22:01 - 2016-07-11 22:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mark\Downloads\rkill.exe
2016-07-11 21:59 - 2016-07-11 21:59 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (6).exe
2016-07-11 21:52 - 2016-07-11 21:53 - 20201032 _____ C:\Users\Mark\Downloads\RogueKiller (6).exe
2016-07-11 21:47 - 2016-07-11 21:47 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (5).exe
2016-07-11 21:38 - 2016-07-11 21:38 - 20201032 _____ C:\Users\Mark\Downloads\RogueKiller (5).exe
2016-07-11 06:03 - 2016-07-11 06:03 - 897790316 _____ C:\WINDOWS\MEMORY.DMP
2016-07-11 06:03 - 2016-07-11 06:03 - 00887564 _____ C:\WINDOWS\Minidump\071116-5375-01.dmp
2016-07-11 06:03 - 2016-07-11 06:03 - 00000000 ____D C:\WINDOWS\Minidump
2016-07-09 17:28 - 2016-07-09 17:28 - 00000000 ___HD C:\OneDriveTemp
2016-07-09 10:46 - 2016-07-09 10:46 - 00036521 _____ C:\Users\Mark\Desktop\a.htm
2016-07-09 07:20 - 2016-07-09 07:21 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (4).exe
2016-07-09 07:14 - 2016-07-09 07:14 - 19921992 _____ C:\Users\Mark\Downloads\RogueKiller (4).exe
2016-07-07 20:56 - 2016-07-07 20:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-07-07 06:35 - 2016-07-07 06:35 - 00001944 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-07-06 17:04 - 2016-07-11 22:15 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-07-06 17:04 - 2016-07-06 17:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-06 16:56 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-06 16:56 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-06 16:56 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-06 16:56 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-06 16:56 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-06 16:56 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-06 16:56 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-07-06 16:56 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-07-06 16:56 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-06 16:56 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-06 16:56 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-07-06 16:56 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-07-06 16:56 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-07-06 16:56 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-07-06 16:56 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-07-06 16:56 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-07-06 16:56 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-07-06 16:56 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-07-06 16:56 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-07-06 16:56 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-07-06 16:56 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-07-06 16:56 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-07-06 16:56 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-07-06 16:56 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-07-06 16:56 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-07-06 16:56 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-07-06 16:56 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-07-06 16:56 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-07-06 16:56 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-07-06 16:56 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-07-06 16:56 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-07-06 16:56 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-07-06 16:56 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-07-06 16:56 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-07-06 16:56 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-07-06 16:56 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-07-06 16:56 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-07-06 16:56 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-06 16:56 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-07-06 16:56 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-07-06 16:56 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-07-06 16:56 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-07-06 16:56 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-07-06 16:56 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-07-06 16:56 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-07-06 16:56 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-07-06 16:56 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-06 16:56 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-07-06 16:56 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-07-06 16:56 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-07-06 16:56 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-07-06 16:56 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-07-06 16:56 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-07-06 16:56 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-06 16:56 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-07-06 16:56 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-07-06 16:56 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-07-06 16:56 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-07-06 16:56 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-07-06 16:56 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-07-06 16:56 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-07-06 16:56 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-07-06 16:56 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-07-06 16:56 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-07-06 16:56 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-06 16:56 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-07-06 16:56 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-06 16:56 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-07-06 16:56 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-07-06 16:56 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-07-06 16:56 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-06 16:56 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-07-06 16:56 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-07-06 16:56 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-07-06 16:56 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-07-06 16:56 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-07-06 16:56 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-07-06 16:56 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-07-06 16:56 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-07-06 16:56 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-07-06 16:56 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-07-06 16:56 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-07-06 16:56 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-07-06 16:56 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-07-06 16:56 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-06 16:56 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-07-06 16:56 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-07-06 16:56 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-07-06 16:56 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-06 16:56 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-07-06 16:56 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-06 16:56 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-07-06 16:56 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-07-06 16:56 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-06 16:56 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-06 16:56 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-07-06 16:56 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-07-06 16:56 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-07-06 16:56 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-07-06 16:56 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-06 16:56 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-07-06 16:56 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-07-06 16:56 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-07-06 16:56 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-07-06 16:56 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-07-06 16:56 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-07-06 16:56 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-07-06 16:56 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-07-06 16:56 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-07-06 16:56 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-07-06 16:56 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-07-06 16:56 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-07-06 16:56 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-07-06 16:56 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-07-06 16:56 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-07-06 16:56 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-07-06 16:56 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-07-06 16:56 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-07-06 16:56 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-07-06 16:56 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-07-06 16:56 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-07-06 16:56 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-07-06 16:56 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-07-06 16:56 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-07-06 16:56 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-07-06 16:56 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-07-06 16:56 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-07-06 16:56 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-07-06 16:56 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-07-06 16:56 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-07-06 16:56 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-07-06 16:56 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-07-06 16:56 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-07-06 16:56 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-07-06 16:56 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-07-06 16:56 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-07-06 16:56 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-07-06 16:56 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-07-06 16:56 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-07-06 16:56 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-07-06 16:56 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-07-06 16:56 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-07-06 16:56 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-07-06 16:56 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-07-06 16:56 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-07-06 16:56 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-07-06 16:56 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-07-06 16:56 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-07-06 16:56 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-07-06 16:56 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-07-06 16:56 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-07-06 16:56 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-07-06 16:56 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-07-06 16:56 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-07-06 16:56 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-07-06 16:56 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-07-06 16:56 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-07-06 16:56 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-07-06 16:56 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-07-06 16:56 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-07-06 16:56 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-07-06 16:56 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-07-06 16:56 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-07-06 16:56 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-06 16:56 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-07-06 16:56 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-07-06 16:56 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-07-06 16:56 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-07-06 16:56 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-07-06 16:56 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-07-06 16:56 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-07-06 16:56 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-07-06 16:56 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-07-06 16:56 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-07-06 16:56 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-07-06 16:56 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-07-06 16:56 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-07-06 16:56 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-07-06 16:56 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-07-06 16:56 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-07-06 16:56 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-07-06 16:56 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-07-06 16:56 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-07-06 16:56 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-07-06 16:56 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-07-06 16:56 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-07-06 16:56 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-07-06 16:56 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-07-06 16:56 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-07-06 16:56 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-07-06 16:56 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-07-06 16:56 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-07-06 16:56 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-07-06 16:56 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-07-06 16:56 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-07-06 16:56 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-07-06 16:55 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-07-06 16:55 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-07-06 16:55 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-07-06 16:55 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-07-06 16:55 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-07-06 16:55 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-07-06 16:55 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-07-06 16:55 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-07-06 16:55 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-07-06 16:55 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-07-06 16:55 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-07-06 16:55 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-07-06 16:55 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-07-06 16:55 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-07-06 16:55 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-07-06 16:55 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-07-06 16:55 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-07-06 16:55 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-07-06 16:55 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-07-06 16:55 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-07-06 16:55 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-07-06 16:55 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-07-06 16:55 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-07-06 16:55 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-07-06 16:55 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-07-06 16:55 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-07-06 16:55 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-07-06 16:55 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-07-06 16:55 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-07-06 16:55 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-07-06 16:55 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-07-06 16:55 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-07-06 16:55 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-07-06 16:55 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-07-06 16:55 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-07-06 16:55 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-07-06 16:55 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-07-06 16:55 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-07-06 16:55 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-07-06 16:55 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-07-06 16:55 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-07-06 16:55 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-07-06 16:55 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-07-06 16:55 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-07-06 16:55 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-07-06 16:55 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-07-06 16:55 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-07-06 16:55 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-07-06 16:55 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-07-06 16:55 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-07-06 16:55 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-07-06 16:55 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-07-06 16:55 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-07-06 16:55 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-07-06 16:55 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-07-06 16:55 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-07-06 16:55 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-07-06 16:55 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-07-06 16:55 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-07-06 16:55 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-07-06 16:55 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-07-06 16:55 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-07-06 16:55 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-07-06 16:55 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-07-06 16:55 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-07-06 16:55 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-07-06 16:55 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-07-06 16:55 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-07-06 16:55 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-07-06 16:55 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-07-06 16:55 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-07-06 16:55 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-07-06 16:55 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-07-06 16:55 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-07-06 16:55 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-07-06 16:55 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-07-06 16:55 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-07-06 16:55 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-07-06 16:55 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-07-06 16:55 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-07-06 16:55 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-07-06 16:55 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-07-06 16:55 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-07-06 16:55 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-07-06 16:55 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-07-06 16:55 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-07-06 16:55 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-07-06 16:55 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-07-06 16:55 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-07-06 16:55 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-07-06 16:55 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-07-06 16:55 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-07-06 16:55 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-07-06 16:55 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-07-06 16:55 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-07-06 16:55 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-06 16:55 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-07-06 16:55 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-07-06 16:55 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-07-06 16:55 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-07-06 16:55 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-07-06 16:55 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-07-06 16:55 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-07-06 16:55 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-07-06 16:55 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-07-06 16:55 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-06 16:55 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-06 16:55 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-07-06 16:55 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-07-06 16:55 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-07-06 16:55 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-07-06 16:55 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-07-06 16:55 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-07-06 16:55 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-07-06 16:55 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-07-06 16:55 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-07-06 16:55 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-07-06 16:55 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-07-06 16:55 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-07-06 16:55 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-07-06 16:55 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-07-06 16:55 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-07-06 16:55 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-07-06 16:55 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-07-06 16:55 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-07-06 16:55 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-07-06 16:55 - 2016-05-05 00:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-07-06 16:55 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-07-06 16:55 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-07-06 16:55 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-07-06 16:55 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-07-06 16:55 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-07-06 16:55 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-07-06 16:55 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-07-06 16:55 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-07-06 16:55 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-07-06 16:55 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-07-06 16:55 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-07-06 16:55 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-07-06 16:55 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-07-06 16:55 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-07-06 16:55 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-07-06 16:55 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-07-06 16:55 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-07-06 16:55 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-07-06 16:55 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-07-06 16:55 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-07-06 16:55 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-07-06 16:55 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-07-06 16:55 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-07-06 16:55 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-07-06 16:55 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-07-06 16:55 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-07-06 16:55 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-07-06 16:55 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-07-06 16:55 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-07-06 16:55 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-07-06 16:55 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-07-06 16:55 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-07-06 16:55 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-07-06 16:55 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-07-06 16:55 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-07-06 16:55 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-07-06 16:55 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-07-06 16:55 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-07-06 16:55 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-07-06 16:55 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-07-06 16:55 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-07-06 16:55 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-07-06 16:55 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-07-06 16:55 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-07-06 16:55 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-07-06 16:55 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-07-06 16:55 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-07-06 16:55 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-07-06 16:55 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-07-06 16:55 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-07-06 16:55 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-07-06 16:55 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-07-06 16:55 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-07-06 16:55 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-07-06 16:55 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-07-06 16:55 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-07-06 16:55 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-07-06 16:55 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-07-06 16:55 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-07-06 16:55 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-07-06 16:55 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-07-06 16:55 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-07-06 16:55 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-07-06 16:55 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-07-06 16:55 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-07-06 16:55 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-07-06 16:55 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-07-06 16:55 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-07-06 16:55 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-07-06 16:55 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-07-06 16:55 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-07-06 16:55 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-07-06 16:55 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-07-06 16:55 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-07-06 16:55 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-07-06 16:55 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-07-06 16:55 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-07-06 16:55 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-07-06 16:55 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-07-06 16:55 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-07-06 16:55 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-07-06 16:55 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-07-06 16:55 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-07-06 16:55 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-07-06 16:55 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-07-06 16:55 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-07-06 16:55 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-07-06 16:55 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-07-06 16:55 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-07-06 16:55 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-07-06 16:55 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-07-06 16:55 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-07-06 16:55 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-07-06 16:55 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-07-06 16:55 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-07-06 16:55 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-07-06 16:55 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-07-06 16:55 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-07-06 16:55 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-07-06 16:55 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-07-06 16:55 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-07-06 16:55 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-07-06 16:55 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-07-06 16:55 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-07-06 16:55 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-07-06 16:55 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-07-06 16:55 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-07-06 16:55 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-07-06 16:55 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-07-06 16:55 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-07-06 16:55 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-07-06 16:55 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-07-06 16:55 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-07-06 16:55 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-07-06 16:55 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-07-06 16:55 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-07-06 16:55 - 2016-03-29 03:51 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-07-06 16:55 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-07-06 16:55 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-07-06 16:55 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-07-06 16:55 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-07-06 16:55 - 2016-03-29 03:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-07-06 16:55 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-07-06 16:55 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-07-06 16:55 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-07-06 16:55 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-07-06 16:55 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-07-06 16:55 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-07-06 16:55 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-07-06 16:55 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-07-06 16:55 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-07-06 16:55 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-07-06 16:55 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-07-06 16:55 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-07-06 16:55 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-07-06 16:55 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-07-06 16:55 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-06 16:55 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-07-06 16:55 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-07-06 16:55 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-07-06 16:55 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-07-06 16:55 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-07-06 16:55 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-07-06 16:55 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-07-06 16:55 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-07-06 16:55 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-07-06 16:55 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-07-06 16:55 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-07-06 16:55 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-07-06 16:55 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-07-06 16:55 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-06 16:55 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-07-06 16:55 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-07-06 16:55 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-07-06 16:55 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-07-06 16:55 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-07-06 16:55 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-07-06 16:55 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-07-06 16:55 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-07-06 16:55 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-07-06 16:55 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-07-06 16:55 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-07-06 16:55 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-07-06 16:55 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-07-06 16:55 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-07-06 16:55 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-07-06 16:55 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-07-06 16:55 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-07-06 16:55 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-07-06 16:55 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-07-06 16:55 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-07-06 16:55 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-07-06 16:55 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-07-06 16:55 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-07-06 16:55 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-07-06 16:55 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-07-06 16:55 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-07-06 16:55 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-07-06 16:55 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-07-06 16:55 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-07-06 16:55 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-07-06 16:55 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-07-06 16:55 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-07-06 16:55 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-07-06 16:55 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-07-06 16:55 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-07-06 16:55 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-07-06 16:55 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-07-06 16:55 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-07-06 16:55 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-07-06 16:55 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-07-06 16:55 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-07-06 16:55 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-07-06 16:55 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-07-06 16:55 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-07-06 16:55 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-07-06 16:55 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-07-06 16:55 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-07-06 16:55 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-07-06 16:55 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-07-06 16:55 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-07-06 16:55 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-07-06 16:55 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-07-06 16:55 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-07-06 16:55 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-07-06 16:51 - 2016-07-06 16:51 - 00000000 ____D C:\Users\Mark\AppData\Roaming\sMedio
2016-07-06 16:24 - 2016-07-11 22:38 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2016-07-06 15:43 - 2016-07-06 12:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-06 15:41 - 2016-07-06 15:41 - 00000000 ____D C:\Windows.old
2016-07-06 15:40 - 2016-07-06 15:40 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-07-06 15:40 - 2016-07-06 15:40 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-07-06 15:40 - 2016-07-06 15:40 - 00000000 ____D C:\Program Files\MSBuild
2016-07-06 15:40 - 2016-07-06 15:40 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-07-06 15:40 - 2016-07-06 15:40 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-07-06 15:39 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-07-06 15:39 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-06 15:39 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-07-06 15:39 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-07-06 15:39 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-07-06 15:39 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-06 14:47 - 2016-07-06 14:47 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (3).exe
2016-07-06 14:41 - 2016-07-06 14:41 - 19921992 _____ C:\Users\Mark\Downloads\RogueKiller (3).exe
2016-07-06 14:38 - 2016-07-06 14:38 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-06 14:36 - 2016-07-06 14:36 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (2).exe
2016-07-06 14:30 - 2016-07-11 22:45 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-07-06 14:30 - 2016-07-06 14:30 - 19921992 _____ C:\Users\Mark\Downloads\RogueKiller (2).exe
2016-07-06 14:30 - 2016-07-06 14:30 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-06 14:20 - 2016-07-06 14:20 - 01110688 _____ (Symantec Corporation) C:\Users\Mark\Downloads\Norton_Download_Manager (1).exe
2016-07-06 14:20 - 2016-07-06 14:20 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-07-06 14:15 - 2016-07-06 17:03 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-07-06 14:10 - 2016-07-06 14:12 - 00000082 _____ C:\Users\Mark\Desktop\PRODUCT KEY.txt
2016-07-06 14:08 - 2016-07-11 22:38 - 00000000 __SHD C:\Users\Mark\IntelGraphicsProfiles
2016-07-06 13:57 - 2016-07-06 13:57 - 00000000 ____D C:\Program Files\Nanoheal
2016-07-06 13:51 - 2016-07-06 20:39 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-06 12:57 - 2016-07-06 12:57 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Hewlett-Packard
2016-07-06 12:52 - 2016-07-11 19:27 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BBCD7239-6CB4-40B3-A3CF-8755E668C7B3}
2016-07-06 12:50 - 2016-07-08 03:21 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-07-06 12:50 - 2016-07-06 12:50 - 00002315 _____ C:\Users\Public\Desktop\HP Support Assistant.lnk
2016-07-06 12:50 - 2016-07-06 12:50 - 00000000 ____D C:\Users\Mark\AppData\Roaming\hpqLog
2016-07-06 12:50 - 2016-07-06 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-07-06 12:46 - 2016-07-06 12:46 - 00000000 ____D C:\Users\Mark\AppData\Roaming\com.devexperts.tos.ui.user.login.ThinkOrSwimApplication
2016-07-06 12:41 - 2016-07-11 21:14 - 00000000 ____D C:\Users\Mark\.thinkorswim
2016-07-06 12:41 - 2016-07-11 21:06 - 00000000 ____D C:\Program Files\thinkorswim
2016-07-06 12:41 - 2016-07-06 12:42 - 00000000 ____D C:\Users\Mark\.oracle_jre_usage
2016-07-06 12:41 - 2016-07-06 12:41 - 00001975 _____ C:\Users\Public\Desktop\thinkorswim.lnk
2016-07-06 12:41 - 2016-07-06 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thinkorswim
2016-07-06 12:39 - 2016-07-06 12:41 - 77558784 _____ (thinkorswim, Inc) C:\Users\Mark\Downloads\thinkorswim_x64_installer (1).exe
2016-07-06 12:34 - 2016-07-06 12:34 - 00003762 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series
2016-07-06 12:34 - 2016-07-06 12:34 - 00002396 _____ C:\Users\Public\Desktop\HP Photosmart Plus B210 series.lnk
2016-07-06 12:34 - 2016-07-06 12:34 - 00002075 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-07-06 12:34 - 2016-07-06 12:34 - 00001303 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart Plus B210 series.lnk
2016-07-06 12:34 - 2016-07-06 12:34 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-07-06 12:34 - 2016-07-06 12:34 - 00000057 _____ C:\ProgramData\Ament.ini
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\Users\Mark\AppData\Roaming\HpUpdate
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\ProgramData\Visan
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\ProgramData\HP
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\Program Files\HP
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-07-06 12:34 - 2016-07-06 12:34 - 00000000 ____D C:\Program Files (x86)\HP
2016-07-06 12:34 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM8e11.dll
2016-07-06 12:33 - 2016-07-08 03:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-07-06 12:33 - 2016-07-06 14:12 - 00000000 ____D C:\Users\Mark\AppData\Local\Hewlett-Packard
2016-07-06 12:33 - 2016-07-06 12:50 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-07-06 12:33 - 2016-07-06 12:33 - 00000000 ____D C:\Users\Mark\Downloads\HP Downloads
2016-07-06 12:32 - 2016-07-06 12:32 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\Mark\Downloads\HPSupportSolutionsFramework-12.3.11.29 (1).exe
2016-07-06 11:54 - 2016-07-11 22:43 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-06 11:52 - 2016-07-11 22:39 - 00000000 ___RD C:\Users\Mark\OneDrive
2016-07-06 11:52 - 2016-07-06 11:53 - 00000000 ____D C:\Users\Mark\AppData\Local\MicrosoftEdge
2016-07-06 11:52 - 2016-07-06 11:52 - 00002410 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-07-06 11:52 - 2016-07-06 11:52 - 00000000 ____D C:\Users\Mark\AppData\Local\NetworkTiles
2016-07-06 11:52 - 2016-07-06 11:52 - 00000000 ____D C:\Users\Mark\AppData\Local\Comms
2016-07-06 11:52 - 2016-07-06 11:52 - 00000000 ____D C:\Users\Mark\AppData\Local\ActiveSync
2016-07-06 11:50 - 2016-07-06 11:50 - 00000020 ___SH C:\Users\Mark\ntuser.ini
2016-07-06 11:50 - 2016-07-06 11:50 - 00000000 ____D C:\Users\Mark\AppData\Local\TileDataLayer
2016-07-06 11:50 - 2016-07-06 11:50 - 00000000 ____D C:\Users\Mark\AppData\Local\Publishers
2016-07-06 11:49 - 2016-07-06 11:49 - 00000000 _SHDL C:\Users\Default\My Documents
2016-07-06 11:49 - 2016-07-06 11:49 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-07-06 11:49 - 2016-07-06 11:49 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-07-06 11:49 - 2016-07-06 11:49 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-07-06 11:49 - 2016-07-06 11:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-07-06 11:49 - 2016-07-06 11:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-07-06 11:49 - 2016-07-06 11:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-07-06 11:48 - 2016-07-06 11:48 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-07-06 11:46 - 2016-07-06 11:46 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-06 11:45 - 2016-07-11 21:26 - 00000000 ____D C:\Users\Mark
2016-07-06 11:45 - 2016-07-06 11:45 - 00000000 _SHDL C:\Users\Mark\My Documents
2016-07-06 11:45 - 2016-07-06 11:45 - 00000000 _SHDL C:\Users\Mark\Documents\My Videos
2016-07-06 11:45 - 2016-07-06 11:45 - 00000000 _SHDL C:\Users\Mark\Documents\My Pictures
2016-07-06 11:45 - 2016-07-06 11:45 - 00000000 _SHDL C:\Users\Mark\Documents\My Music
2016-07-06 11:45 - 2016-07-06 11:45 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-07-06 11:44 - 2016-07-06 11:44 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2016-07-06 11:44 - 2016-07-06 11:44 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-07-06 11:44 - 2016-07-06 11:44 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2016-07-06 11:44 - 2016-07-06 11:44 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-07-06 11:44 - 2016-07-06 11:44 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-07-06 11:44 - 2016-07-06 11:44 - 00000000 ____D C:\Program Files\Synaptics
2016-07-06 11:44 - 2016-07-06 11:44 - 00000000 ____D C:\Program Files\Realtek
2016-07-06 11:08 - 2016-07-06 11:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-06 11:08 - 2016-07-06 11:08 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-06 10:55 - 2015-07-22 18:09 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 10:55 - 2015-07-22 18:09 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 10:38 - 2016-07-06 11:31 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-06 10:24 - 2016-07-06 10:24 - 00000000 ____D C:\Users\Mark\AppData\Local\Citrix
2016-07-06 10:24 - 2016-07-06 10:24 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-07-06 10:13 - 2016-07-06 10:13 - 00000000 ____D C:\$SysReset
2016-07-06 08:26 - 2016-07-06 08:26 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner (1).exe
2016-07-06 08:12 - 2016-07-06 08:12 - 19921992 _____ C:\Users\Mark\Downloads\RogueKiller (1).exe
2016-07-04 09:20 - 2016-07-04 09:20 - 03712064 _____ C:\Users\Mark\Downloads\AdwCleaner(4).exe
2016-07-04 09:13 - 2016-07-04 09:13 - 19921992 _____ C:\Users\Mark\Downloads\RogueKiller(4).exe
2016-07-01 08:40 - 2016-07-01 08:40 - 00220863 _____ C:\Users\Mark\Desktop\Shareholder's Notice.pdf
2016-07-01 08:27 - 2016-07-01 08:27 - 00205485 _____ C:\Users\Mark\Desktop\Scotiabank Share Certificate No. 70054.pdf
2016-06-30 15:38 - 2016-06-30 15:38 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-30 15:37 - 2016-06-30 15:37 - 05659337 _____ (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
2016-06-30 15:33 - 2016-06-30 15:34 - 03703360 _____ C:\Users\Mark\Downloads\AdwCleaner(3).exe
2016-06-30 15:27 - 2016-06-30 15:27 - 19927624 _____ C:\Users\Mark\Downloads\RogueKiller(3).exe
2016-06-30 09:53 - 2016-07-06 14:21 - 00000000 ____D C:\Users\Mark\Desktop\Old Firefox Data
2016-06-29 19:20 - 2016-06-29 19:20 - 41284064 _____ (HP ) C:\Users\Mark\Downloads\sp74656.exe
2016-06-29 19:20 - 2016-06-29 19:20 - 00000000 ____D C:\swsetup
2016-06-29 19:14 - 2016-06-29 19:14 - 00000000 ____D C:\System.sav
2016-06-29 19:12 - 2016-06-29 19:12 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\Mark\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-06-29 19:05 - 2016-06-29 19:04 - 00000030 _____ C:\AVScanner.ini
2016-06-29 18:26 - 2016-06-29 18:26 - 03703360 _____ C:\Users\Mark\Downloads\AdwCleaner(2).exe
2016-06-29 18:20 - 2016-06-29 18:20 - 19927624 _____ C:\Users\Mark\Downloads\RogueKiller(2).exe
2016-06-29 17:54 - 2016-06-29 17:54 - 05565384 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup512_slim.exe
2016-06-29 17:10 - 2016-07-06 14:20 - 00001397 _____ C:\Users\Mark\Desktop\Norton Installation Files.lnk
2016-06-29 17:10 - 2016-07-06 10:21 - 00054784 ___SH C:\Users\Mark\Desktop\Thumbs.db
2016-06-29 17:09 - 2016-07-06 14:21 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-06-29 17:09 - 2016-06-29 17:09 - 01110688 _____ (Symantec Corporation) C:\Users\Mark\Downloads\Norton_Download_Manager.exe
2016-06-29 16:13 - 2016-06-29 16:16 - 77558784 _____ (thinkorswim, Inc) C:\Users\Mark\Downloads\thinkorswim_x64_installer.exe
2016-06-29 16:01 - 2016-07-06 14:21 - 00000000 ____D C:\Users\Mark\Documents\OneNote Notebooks
2016-06-29 16:00 - 2016-06-29 16:00 - 00002752 _____ C:\Users\Mark\Desktop\Microsoft Word 2010.lnk
2016-06-29 16:00 - 2016-06-29 16:00 - 00002714 _____ C:\Users\Mark\Desktop\Microsoft Excel 2010.lnk
2016-06-29 16:00 - 2016-06-29 16:00 - 00002704 _____ C:\Users\Mark\Desktop\Microsoft PowerPoint 2010.lnk
2016-06-29 16:00 - 2016-06-29 16:00 - 00002678 _____ C:\Users\Mark\Desktop\Microsoft OneNote 2010.lnk
2016-06-29 15:52 - 2016-06-29 15:55 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-29 15:52 - 2016-06-29 15:52 - 00000000 __RHD C:\MSOCache
2016-06-29 15:52 - 2016-06-29 15:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-29 15:39 - 2016-06-29 15:51 - 677003640 _____ (Microsoft Corporation) C:\Users\Mark\Downloads\X16-31970.exe
2016-06-29 15:12 - 2016-06-29 15:12 - 00401870 _____ C:\Users\Mark\Downloads\MicrosoftFixit20055.mini.diagcab
2016-06-29 15:08 - 2016-06-29 15:08 - 00000000 ____D C:\Users\Public\Symantec
2016-06-29 15:08 - 2016-06-29 15:08 - 00000000 ____D C:\Program Files (x86)\SymSilent
2016-06-29 15:07 - 2016-06-29 15:07 - 00000000 ____D C:\WINDOWS\system32\Drivers\NARAx64
2016-06-29 15:07 - 2016-06-29 15:07 - 00000000 ____D C:\ProgramData\Symantec
2016-06-29 15:07 - 2016-06-29 15:07 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-29 15:07 - 2016-06-29 15:07 - 00000000 ____D C:\Program Files (x86)\Symantec
2016-06-29 15:07 - 2016-06-29 15:07 - 00000000 ____D C:\Program Files (x86)\Norton Online Backup ARA
2016-06-29 15:06 - 2016-06-29 15:06 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2016-06-29 15:06 - 2012-06-18 13:30 - 00499096 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\Drivers\tos_sps64.sys
2016-06-29 15:06 - 2009-03-09 18:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2016-06-29 15:04 - 2016-06-29 15:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\TOSHIBA
2016-06-29 15:04 - 2016-06-29 15:04 - 00000000 ____D C:\TOSHIBA
2016-06-29 15:03 - 2016-06-29 15:10 - 00000000 ____D C:\ProgramData\win8_64
2016-06-29 15:03 - 2016-06-29 15:10 - 00000000 ____D C:\ProgramData\win8_32
2016-06-29 15:03 - 2016-06-29 15:03 - 00020312 _____ (Compal Electronics, INC.) C:\WINDOWS\system32\Drivers\CeKbFilter.sys
2016-06-29 15:02 - 2016-07-06 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-29 15:02 - 2012-08-07 21:32 - 09888912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtsP2StorIcon.dll
2016-06-29 15:02 - 2012-08-07 21:32 - 00272016 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2016-06-29 15:01 - 2016-07-06 11:45 - 00000000 ____D C:\Program Files\Intel Corporation
2016-06-29 15:01 - 2016-06-29 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-06-29 15:00 - 2016-07-06 11:45 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-06-29 14:59 - 2016-06-29 11:46 - 00000000 ____D C:\ProgramData\Intel.sav
2016-06-29 14:58 - 2016-07-06 11:48 - 00002040 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2016-06-29 14:58 - 2016-06-29 15:17 - 00000006 _____ C:\ScrubRetValFile.txt
2016-06-29 14:57 - 2016-07-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Labs
2016-06-29 14:57 - 2016-06-29 15:02 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-06-29 14:57 - 2016-06-29 14:57 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-06-29 14:57 - 2016-06-29 14:57 - 00000000 ____D C:\Program Files\SRS Labs
2016-06-29 14:57 - 2012-12-06 00:01 - 03242896 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-06-29 14:57 - 2012-12-05 23:09 - 00381405 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-06-29 14:57 - 2012-12-05 20:44 - 01273488 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-06-29 14:57 - 2012-12-05 19:26 - 00125584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-06-29 14:57 - 2012-11-29 21:27 - 01562768 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-06-29 14:57 - 2012-11-19 22:18 - 02714720 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-06-29 14:57 - 2012-11-16 18:30 - 03673232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2016-06-29 14:57 - 2012-09-12 13:51 - 02743440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-06-29 14:57 - 2012-09-01 21:01 - 00647736 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2016-06-29 14:57 - 2012-08-21 18:51 - 00881808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-06-29 14:57 - 2012-08-03 22:18 - 01706640 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-06-29 14:57 - 2012-07-30 15:49 - 00000024 _____ C:\WINDOWS\system32\Drivers\rtkhdaud.dat
2016-06-29 14:57 - 2012-06-20 21:26 - 00110592 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-06-29 14:57 - 2012-03-08 15:47 - 00202336 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-06-29 14:57 - 2012-03-08 15:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-06-29 14:57 - 2012-01-30 15:43 - 00836544 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-06-29 14:57 - 2012-01-20 22:41 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC0.dat
2016-06-29 14:57 - 2012-01-20 22:41 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX1.dat
2016-06-29 14:57 - 2012-01-20 22:41 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX0.dat
2016-06-29 14:57 - 2012-01-10 14:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-06-29 14:57 - 2011-12-20 19:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-06-29 14:57 - 2011-11-22 20:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-06-29 14:57 - 2011-03-17 16:17 - 01361336 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-06-29 14:57 - 2011-03-07 21:11 - 00148416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-06-29 14:57 - 2010-11-08 11:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-06-29 14:57 - 2010-11-08 11:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-06-29 14:57 - 2010-11-08 11:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-06-29 14:57 - 2010-11-08 11:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-06-29 14:57 - 2010-11-08 11:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-06-29 14:57 - 2010-11-08 11:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-06-29 14:57 - 2010-11-03 22:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-06-29 14:56 - 2016-06-29 14:56 - 00018636 _____ C:\WINDOWS\system32\results.xml
2016-06-29 14:55 - 2016-07-06 11:52 - 00000000 ____D C:\Program Files\Intel
2016-06-29 14:55 - 2016-07-06 11:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-06-29 14:55 - 2016-07-06 11:45 - 00000000 ____D C:\ProgramData\Intel
2016-06-29 14:55 - 2016-06-29 11:45 - 00000000 ____D C:\Intel
2016-06-29 14:55 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-06-29 14:55 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-06-29 14:55 - 2012-06-22 12:13 - 00015168 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2016-06-29 14:54 - 2016-07-06 11:45 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-29 14:54 - 2012-07-04 13:55 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2016-06-29 14:52 - 2016-07-06 11:48 - 00002750 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1060047164-1608092819-1536100025-500
2016-06-29 14:52 - 2016-06-29 14:52 - 01593384 _____ (LogMeIn, Inc.) C:\Users\Mark\Downloads\Support-LogMeInRescue.exe
2016-06-29 13:27 - 2016-06-29 13:27 - 03703360 _____ C:\Users\Mark\Downloads\AdwCleaner(1).exe
2016-06-29 13:20 - 2016-06-29 13:20 - 19927624 _____ C:\Users\Mark\Downloads\RogueKiller(1).exe
2016-06-29 13:11 - 2016-07-11 22:51 - 00000000 ____D C:\AdwCleaner
2016-06-29 13:10 - 2016-06-29 13:11 - 03703360 _____ C:\Users\Mark\Downloads\AdwCleaner.exe
2016-06-29 13:00 - 2016-06-29 13:00 - 19927624 _____ C:\Users\Mark\Downloads\RogueKiller.exe
2016-06-29 12:59 - 2016-07-11 22:40 - 00000554 _____ C:\Users\Mark\Desktop\JRT.txt
2016-06-29 12:57 - 2016-06-29 12:59 - 01610816 _____ (Malwarebytes) C:\Users\Mark\Desktop\JRT.exe
2016-06-29 12:44 - 2016-06-29 12:44 - 00242120 _____ C:\Users\Mark\Downloads\Firefox Setup Stub 47.0.1 (1).exe
2016-06-29 12:41 - 2016-06-29 12:41 - 00242120 _____ C:\Users\Mark\Downloads\Firefox Setup Stub 47.0.1.exe
2016-06-29 12:15 - 2016-06-29 19:32 - 00000000 ____D C:\Users\Mark\AppData\Local\HP
2016-06-29 12:07 - 2016-07-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-06-29 12:07 - 2016-06-29 12:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-06-29 12:05 - 2016-06-29 12:05 - 00000013 __RSH C:\WINDOWS\system32\Drivers\fbd.sys
2016-06-29 12:04 - 2016-06-29 12:04 - 00000000 ____D C:\Users\Mark\AppData\Local\Microsoft Help
2016-06-29 12:04 - 2016-06-29 12:04 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-06-29 12:04 - 2016-06-29 12:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-06-29 11:50 - 2016-07-06 11:48 - 00010449 _____ C:\WINDOWS\diagerr.xml
2016-06-29 11:50 - 2016-07-06 11:48 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-06-29 11:48 - 2016-07-06 10:38 - 00000066 _____ C:\WINDOWS\progress.ini
2016-06-29 11:46 - 2016-06-29 11:46 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-06-29 11:46 - 2016-06-29 11:46 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-06-29 11:45 - 2016-06-29 19:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-29 11:42 - 2016-07-07 19:01 - 00000000 ____D C:\Users\Mark\Desktop\Trader Mark
2016-06-29 11:42 - 2016-07-06 11:48 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1060047164-1608092819-1536100025-1001
2016-06-29 11:42 - 2016-06-29 11:42 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-06-29 11:42 - 2016-06-17 00:59 - 00046950 _____ C:\Users\Mark\Desktop\cash.wav
2016-06-29 11:42 - 2016-06-16 23:08 - 00097878 _____ C:\Users\Mark\Desktop\Flight Deck Alarm.wav
2016-06-29 11:40 - 2016-07-06 11:49 - 00000000 ___HD C:\$GetCurrent
2016-06-29 11:39 - 2016-07-06 11:50 - 00000000 ____D C:\Windows10Upgrade
2016-06-29 11:39 - 2016-07-06 10:28 - 00000705 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-06-29 11:39 - 2016-07-06 10:28 - 00000693 _____ C:\Users\Mark\Desktop\Windows 10 Upgrade Assistant.lnk
2016-06-29 11:39 - 2016-06-29 11:39 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Macromedia
2016-06-29 11:35 - 2016-06-29 12:32 - 00000000 ____D C:\Users\Mark\AppData\Local\Toshiba
2016-06-29 11:35 - 2016-06-29 11:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-06-29 11:35 - 2016-06-29 11:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-06-29 11:35 - 2016-06-29 11:35 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2016-06-29 11:35 - 2016-06-29 11:35 - 00000000 ____D C:\Users\Mark\AppData\Roaming\WinBatch
2016-06-29 11:35 - 2016-06-29 11:35 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Adobe
2016-06-29 11:35 - 2016-06-29 11:35 - 00000000 ____D C:\Users\Mark\AppData\Local\SRS Labs
2016-06-29 11:34 - 2016-07-06 12:35 - 00000000 ____D C:\Users\Mark\AppData\Local\Packages
2016-06-29 11:34 - 2016-06-29 11:34 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Intel
2016-06-29 11:34 - 2016-06-29 11:34 - 00000000 ____D C:\Users\Mark\AppData\Local\VirtualStore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-11 22:43 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-11 22:38 - 2016-04-27 02:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-11 22:38 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-11 22:16 - 2012-12-03 01:47 - 00000000 ____D C:\ProgramData\Norton
2016-07-11 22:15 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-07-11 22:15 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-10 08:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-09 12:02 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-07-09 07:15 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-07 06:35 - 2012-12-03 01:49 - 00000000 ____D C:\Program Files\Toshiba
2016-07-07 06:35 - 2012-12-03 01:48 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2016-07-07 06:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-07-06 17:03 - 2016-04-27 02:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-06 17:02 - 2016-04-27 02:29 - 00277928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-06 17:01 - 2016-04-27 02:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-06 17:01 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-07-06 17:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-06 16:59 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-06 15:43 - 2015-10-30 03:26 - 00000000 ____D C:\WINDOWS\Setup
2016-07-06 15:43 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-07-06 14:20 - 2012-12-03 01:47 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-07-06 12:50 - 2012-12-03 01:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-06 11:49 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-07-06 11:48 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-07-06 11:47 - 2016-04-27 02:20 - 00000000 ____D C:\WINDOWS\ShellNew
2016-07-06 11:47 - 2016-04-27 02:06 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-07-06 11:47 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-07-06 11:47 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-06 11:47 - 2012-12-03 02:03 - 00000000 ____D C:\WINDOWS\en
2016-07-06 11:47 - 2012-12-03 01:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-06 11:47 - 2012-12-03 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-07-06 11:47 - 2012-12-03 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2016-07-06 11:47 - 2012-12-03 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Dashboard
2016-07-06 11:46 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2016-07-06 11:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-07-06 11:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-07-06 11:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-07-06 11:45 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-06 11:45 - 2012-12-03 01:33 - 00000000 ____D C:\ProgramData\PRICache
2016-07-06 11:44 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-07-06 11:36 - 2012-07-26 04:12 - 00000000 ___RD C:\WINDOWS\ToastData
2016-07-06 11:10 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2016-06-30 15:33 - 2012-07-26 01:26 - 00000167 _____ C:\WINDOWS\win.ini
2016-06-29 12:26 - 2012-12-03 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2016-06-29 11:37 - 2012-12-03 01:49 - 00000000 ____D C:\ProgramData\Toshiba
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-07-06 12:34 - 2016-07-06 12:34 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-06 13:05

==================== End of FRST.txt ============================

#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:50 AM

Posted 12 July 2016 - 10:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Quoted from this article - http://pcsupport.about.com/od/termshm/g/hkey_users.htm

While you'll likely have .DEFAULT, S-1-5-18, S-1-5-19, and S-1-5-20, which correspond to built-in system accounts,


If you still want to remove it please post the RogueKiller tool and I will see what I can suggest.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.017\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.017\EX64.SYS [X]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#3 fred04


Posted 12 July 2016 - 11:54 AM

Unable to reset the registry after running FRST. (X) H Key_Users \ S-1-5-19  still shows after running Rogue Killer and Adware Cleaner. 

 

 

Here are the results of the Fixlog.txt below

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-07-2016 01
Ran by Mark (2016-07-12 12:06:04) Run:1
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.017\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160707.017\EX64.SYS [X]


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
NAVENG => service removed successfully
NAVEX15 => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 74736 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14348420 B
Java, Flash, Steam htmlcache => 19450 B
Windows/system/drivers => 346662 B
Edge => 162284335 B
Chrome => 0 B
Firefox => 46002030 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 317922 B
LocalService => 20900 B
NetworkService => 23406 B
Mark => 1838387 B

RecycleBin => 0 B
EmptyTemp: => 214.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:06:16 ====



#4 nasdaq


Posted 13 July 2016 - 08:39 AM


Unable to reset the registry after running FRST.

What are you trying to do?


Look at my first instruction on my first reply.
If you still want to remove it please post the RogueKiller tool and I will see what I can suggest.

#5 fred04


Posted 13 July 2016 - 09:17 AM

Here is the RogueKiller Export Report

 

RogueKiller V12.3.8.0 [Jul 11 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Users\Mark\Downloads\RogueKiller(7).exe
Mode : Scan -- Date : 07/13/2016 10:13:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT250MX200SSD1 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 226091 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 464754688 | Size: 474 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 465725440 | Size: 11070 MB
User = LL1 ... OK
User = LL2 ... OK
 



#6 nasdaq


Posted 13 July 2016 - 12:03 PM

Run the Farbar tool and copy/paste the following string in the search box.

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

Click the Registry Search button.

Post the log for my review.

#7 fred04


Posted 13 July 2016 - 03:02 PM

Here is the log

 

Farbar Recovery Scan Tool (x64) Version: 13-07-2016 01
Ran by Mark (2016-07-13 15:47:24)
Running from C:\Users\Mark\Desktop
Boot Mode: Normal

================== Search Registry: "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" ===========


====== End of Search ======



#8 nasdaq


Posted 14 July 2016 - 08:02 AM

That did not go as expected.
Let's try this.

Please download SystemLook (if your system is a 64-bit system, then download SystemLook_x64.exe) and save it to your Desktop.
SystemLook.exe
SystemLook_x64.exe
  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===


#9 fred04


Posted 14 July 2016 - 08:51 AM

I was unable to download SystemLook.exe/SystemLook_x64.exe as the server had a problem loading the page. Not sure if the link is working properly or if there is an alternative link.



#10 nasdaq


Posted 14 July 2016 - 09:35 AM



I will investigate the 404 issue.
I cannot find another download site.

From the Start > run box execute REGEDIT.EXE and click the OK button.

This will open the Registry.

Navigate to the key in bold.

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad

Make sure that the Wpad on the left pane has the focus.

Click the File option on the Menu

Select Export

Save the file as my_Wpad.txt

Attach the file for my review.

#11 fred04


Posted 14 July 2016 - 10:12 AM

I opened the Registry and Navigated to the key in bold but it did not show  "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad". Did not show anything with the word WPAD. However, I saved and tried to export the key that was highlighted but stated that the file was too big to upload. I was unable to attach the highlighted file.



#12 nasdaq


Posted 14 July 2016 - 01:13 PM

Please download the NirSoft RegScanner tool
regscanner-x64.zip

Extract the file to a Folder of your choice.

Run the regscanner.exe as an Administrator.

In the Find String box type WPAD

Just select HKEY_USERS in the "Scan the following base keys" box.

Click the Scan button.

When finished, a window will open listing all the items found.

Highlight the HKEY_USERS\S-1-5-19 items found.

Select the File menu to save the information.
> Save the Selected Items.
> Name the file MY_WPAD.TXT
> Click the Save button.

The file will be saved in the folder where the program was parked.

Post/attach the MY_WPAD.TXT file for my review.

p.s. you can see the image of the tool at
http://www.majorgeeks.com/files/details/regscanner.html

Edited by nasdaq, 14 July 2016 - 01:28 PM.


#13 fred04


Posted 14 July 2016 - 01:45 PM

I found 3 HKEY_USERS\S-1-5-19 entries.

 

Registry Key      : HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb
Name              : WpadDecisionTime
Type              : REG_BINARY
Data              : 8C 4B DE 2A D6 DD D1 01
Key Modified Time : 7/14/2016 9:46:48 AM
Data Length       : 8
==================================================

==================================================
Registry Key      : HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb
Name              : WpadDecision
Type              : REG_DWORD
Data              : 0x00000000 (0)
Key Modified Time : 7/14/2016 9:46:48 AM
Data Length       : 4
==================================================

==================================================
Registry Key      : HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb
Name              : WpadDecisionReason
Type              : REG_DWORD
Data              : 0x00000001 (1)
Key Modified Time : 7/14/2016 9:46:48 AM
Data Length       : 4
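
Added example (not part of the original posts, and not code from any of the tools mentioned): a parser for the RegScanner export pasted in post #13 that decodes its three values and checks the shape of the flagged subkey name. It assumes the 8-byte WpadDecisionTime blob is a little-endian Windows FILETIME; the function names and the SID table are this example's own.

```python
import re
import struct
from datetime import datetime, timedelta, timezone

# RegScanner export, copied from post #13 of this thread.
EXPORT = r"""
Registry Key      : HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb
Name              : WpadDecisionTime
Type              : REG_BINARY
Data              : 8C 4B DE 2A D6 DD D1 01
Key Modified Time : 7/14/2016 9:46:48 AM
Data Length       : 8
==================================================

==================================================
Registry Key      : HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb
Name              : WpadDecision
Type              : REG_DWORD
Data              : 0x00000000 (0)
Key Modified Time : 7/14/2016 9:46:48 AM
Data Length       : 4
==================================================

==================================================
Registry Key      : HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb
Name              : WpadDecisionReason
Type              : REG_DWORD
Data              : 0x00000001 (1)
Key Modified Time : 7/14/2016 9:46:48 AM
Data Length       : 4
"""

# Well-known SIDs of the built-in service accounts listed in post #2.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAC_SHAPE = re.compile(r"^[0-9a-f]{2}(-[0-9a-f]{2}){5}$", re.IGNORECASE)


def parse_records(export):
    """Split the export on its '=====' rules and return one dict per value."""
    records = []
    for chunk in re.split(r"^=+\s*$", export, flags=re.MULTILINE):
        fields = {}
        for line in chunk.splitlines():
            label, sep, value = line.partition(":")
            if sep:
                fields[label.strip()] = value.strip()
        if "Registry Key" in fields:
            records.append(fields)
    return records


def decode_value(record):
    """Decode one exported value according to its registry type."""
    kind, data = record["Type"], record["Data"]
    if kind == "REG_DWORD":
        return int(data.split()[0], 16)  # "0x00000001 (1)" -> 1
    if kind == "REG_BINARY":
        raw = bytes.fromhex(data.replace(" ", ""))
        if len(raw) == 8:
            # Assumption: an 8-byte blob is a little-endian FILETIME
            # (100 ns ticks since 1601-01-01 UTC).
            (ticks,) = struct.unpack("<Q", raw)
            return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
        return raw
    return data


def summarize(export):
    """Describe the flagged key: owning account, subkey shape, decoded values."""
    records = parse_records(export)
    keys = {r["Registry Key"] for r in records}
    if len(keys) != 1:
        raise ValueError("expected all values to live under one key")
    parts = keys.pop().split("\\")
    values = {r["Name"]: decode_value(r) for r in records}
    # RegScanner prints the key's last-write time in the machine's local time.
    modified_local = datetime.strptime(
        records[0]["Key Modified Time"], "%m/%d/%Y %I:%M:%S %p")
    decision_utc = values["WpadDecisionTime"].replace(tzinfo=None)
    return {
        "account": WELL_KNOWN_SIDS.get(parts[1], "unknown"),
        "subkey": parts[-1],
        "mac_shaped": bool(MAC_SHAPE.match(parts[-1])),
        "values": values,
        "modified_local": modified_local,
        "offset_seconds": round((decision_utc - modified_local).total_seconds()),
    }


if __name__ == "__main__":
    for field, value in summarize(EXPORT).items():
        print(f"{field}: {value}")
```

The decoded WpadDecisionTime is 13:46:48 UTC on 14 July 2016, exactly four hours ahead of the key's local modified time of 9:46:48 AM, so the value was written at the moment the key was last modified, on the morning of the day the export was posted.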




#14 nasdaq


Posted 15 July 2016 - 07:15 AM

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

; A leading "-" inside the brackets deletes the key and all of its values.
[-HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e0-91-f5-ae-36-fb]


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is the computer running now?

Edited by nasdaq, 15 July 2016 - 07:59 AM.


#15 fred04


Posted 15 July 2016 - 08:02 AM

I merged the registry; however, the HKEY_USERS\S-1-5-19 infection is still there when running RogueKiller. I have also noticed that whenever I run Adware Cleaner it never picks up any infections. It always says "No malicious Programs have been found".





