
Possible proxy server hijack. Unable to change proxy server settings.


39 replies to this topic

#1 jimbobob23


Posted 17 September 2016 - 08:56 PM

I appear to be the victim of some piece of malware or virus that has added a proxy server setting that I am unable to get rid of. The main symptoms are that I am unable to change my proxy server settings in Windows 10. It appears to use this setting: http=127.0.0.1:8080;. The result of this is that I am unable to do searches in the omnibar of Google Chrome (it just takes me to a blank page) and I can't visit certain webpages. Also, if I am able to do a Google search, the "Search Tools" button is missing.

 

I looked around on the internet and have tried a few fixes. I've deleted or changed the registry entries mentioned in Philip Turner's reply here: https://community.spiceworks.com/topic/446898-can-t-disable-proxy-in-ie10?page=1

 

I also changed the entry mentioned here: https://fixedit.itxpress.biz/2014/10/08/unable-to-disable-windows-proxy-setting/

 

Making these changes allowed me to change the proxy server settings, and once I change "Automatically detect settings" to on and "Use a proxy server" to off, the issue is fixed and everything behaves normally.

 

The problem is, once I restart my computer the settings revert back and are again unable to be changed unless I delete/change all the above registry entries again. I'm pretty sure that whatever did this is still on my computer somewhere and I need some help finding and eliminating it. Either that, or there is still some hidden registry entry that I am unable to find.

 

I have tried running Malwarebytes, CCleaner, and Adwcleaner. None of them can detect or fix the issue.

 

I've had this same issue before, maybe a month ago, but last time this happened I ran CCleaner and uninstalled and reinstalled Chrome and it fixed it. This time that did not work. This time the issue began after I performed a Windows Update and restarted my computer. This is what was downloaded and updated:

 

Security Update for Adobe Flash Player for Windows 10 Version 1511 for x64-based Systems (KB3188128)
Update for Windows 10 Version 1511 for x64-based Systems (KB3150513)
Update for Windows 10 Version 1511 for x64-based Systems (KB3181403)
Update for Windows 10 Version 1511 for x64-based Systems (KB3161102)
Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - September 2016 (KB890830)
Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3185614)

 

The posted FRST64 logs are from AFTER I made the above mentioned registry changes. If you need me to restart my computer and run the program again before I make any changes, please let me know. Thanks in advance!

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
Ran by Jimbodan (administrator) on DESKTOP-G0LH54O (17-09-2016 18:20:47)
Running from E:\Users\jimbodan\Downloads
Loaded Profiles: Jimbodan (Available Profiles: Jimbodan)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Binary Fortress Software) H:\Util\DisplayFusion\DisplayFusionService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\GCloud.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Paramount Software UK Ltd) H:\Util\Macrium Reflect\ReflectService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe
(Microsoft) C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\HCLOUD.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe
() C:\Program Files (x86)\GIGABYTE\CloudStation_Server\RemoteControl\grckm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files (x86)\GIGABYTE\CloudStation_Server\RemoteOC\ubssrv_oc_only.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\SIV\thermald.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Innkeeper) C:\Users\Jimbodan\AppData\Local\Innkeeper\app-0.3.1\Innkeeper.exe
(Binary Fortress Software) H:\Util\DisplayFusion\DisplayFusion.exe
(Curse Inc.) C:\Users\Jimbodan\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(Curse Inc.) C:\Users\Jimbodan\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(Curse Inc.) C:\Users\Jimbodan\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
(Curse Inc.) C:\Users\Jimbodan\AppData\Local\Innkeeper\app-0.3.1\Electron\bin\InnkeeperUI-win32-ia32\InnkeeperUI.exe
() G:\wow tsm proud\8-26-16 TSM\TradeSkillMaster Application\app\TSMApplication.exe
(Binary Fortress Software) H:\Util\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) H:\Util\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Caphyon LTD) C:\Windows\Installer\MSIE21F.tmp
(InstallShield®) C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\CTJckCfg.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Razer, Inc.) C:\Users\Jimbodan\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
() H:\Temp and Trial Stuff\quietHDD.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Gigabyte Technology CO., LTD.) C:\Program Files (x86)\GIGABYTE\Smart TimeLock\AlarmClock.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5181\Agent.exe
(Blizzard Entertainment) G:\Battle.net\Battle.net.7963\Battle.net.exe
() G:\Battle.net\Battle.net.7963\Battle.net Helper.exe
() G:\Battle.net\Battle.net.7963\Battle.net Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.23941.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15818872 2016-04-28] (Logitech Inc.)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-01] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-01] (Saitek)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25347616 2016-09-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2016-06-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CyborgAutoProfiler] => C:\Cyborg Auto-Profiler\Cyborg Auto-Profiler.exe [1105920 2013-09-11] (Danny Hasley)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\GIGABYTE\EasyTune\etro.exe [5632 2015-09-24] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\GIGABYTE\SIV\sivro.exe [12072 2015-11-16] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTuneEngineService] => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EngineRunOnce.exe [14632 2015-12-08] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [DualBiosRescue] => C:\Program Files (x86)\GIGABYTE\GigabyteFirmwareUpdateUtility\dbrro.exe [12096 2015-08-19] ()
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\GIGABYTE\AppCenter\PreRun.exe [8192 2013-04-29] ()
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\...\Run: [Innkeeper] => C:\Users\Jimbodan\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\...\Run: [DisplayFusion] => H:\Util\DisplayFusion\DisplayFusion.exe [8547320 2016-01-20] (Binary Fortress Software)
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\...\Run: [TSMApplication] => G:\wow tsm proud\8-26-16 TSM\TradeSkillMaster Application\app\TSMApplication.exe [1623040 2016-08-16] ()
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2015-11-22] (Mobile Stream)
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\...\Run: [GoogleChromeAutoLaunch_1BF4372F2CC1415D61429F55336122A9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1135944 2016-09-13] (Google Inc.)
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\...\RunOnce: [Uninstall C:\Users\Jimbodan\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jimbodan\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\...\RunOnce: [Uninstall C:\Users\Jimbodan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jimbodan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Aggiorna ESET license.lnk [2016-07-19]
ShortcutTarget: Aggiorna ESET license.lnk -> H:\Temp and Trial Stuff\MiNODLogin\launcher.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyborg Auto-Profiler.lnk [2016-07-19]
ShortcutTarget: Cyborg Auto-Profiler.lnk -> C:\Cyborg Auto-Profiler\Cyborg Auto-Profiler.exe (Danny Hasley)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD - Shortcut.lnk [2016-07-23]
ShortcutTarget: quietHDD - Shortcut.lnk -> H:\Temp and Trial Stuff\quietHDD.exe ()
Startup: C:\Users\Jimbodan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quietHDD.lnk [2016-07-23]
ShortcutTarget: quietHDD.lnk -> H:\Temp and Trial Stuff\quietHDD.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\..\Interfaces\{a88dfb7c-efd8-4c40-a441-37d49435f613}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{e6ed25c1-b03a-43a1-b4d7-17a64243a481}: [DhcpNameServer] 208.67.222.222 208.67.220.220
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-08-26] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-08-26] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-08-26] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-26] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-26] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-08-26] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> H:\Util\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF SearchPlugin: C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\searchplugins\amazon-search-suggestions.xml [2015-11-27]
FF SearchPlugin: C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\searchplugins\youtube-video-search.xml [2011-12-02]
FF Extension: (Open GMail with toolbar button) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\extensions\gmail@borsosfisoft.com.xpi [2016-05-10]
FF Extension: (Copy All Links) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\extensions\{e6a9a96e-4a08-4719-b9bd-0e91c35aaabc}.xpi [2016-06-08]
FF Extension: (NoScript) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-17]
FF Extension: (Greasemonkey) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-29]
FF Extension: (Add to Amazon Wish List Button) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\amznUWL2@amazon.com.xpi [2016-06-03]
FF Extension: (1-Click Dailymotion Video Downloader) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\DailymotionVideoDownloader@PeterOlayev.com.xpi [2016-04-27]
FF Extension: (Firefox Hotfix) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-09]
FF Extension: (Gmail Watcher) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\gmailwatcher@sonthakit.xpi [2013-03-23] [not signed]
FF Extension: (Gmail™ Notifier (restartless)) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-07-12]
FF Extension: (LastPass) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\support@lastpass.com [2016-07-23]
FF Extension: (Session Manager) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-03-18]
FF Extension: (FlashGot) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-16]
FF Extension: (Clone Window) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\{ab8568cd-1789-4fc8-a530-218e9eab17e2}.xpi [2012-01-29] [not signed]
FF Extension: (Adblock Plus) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-20]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3327155&octid=EB_ORIGINAL_CTID&ISID=M476163AF-5D0E-4CA1-97EF-B48E7FB706E3&SearchSource=55&CUI=&UM=8&UP=SPB06FF8A8-51CF-4E46-9FC1-38D59F42623D&D=062815&SSPV=","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIloLWF0TQxgXI11aTA1JFgQOIQgKVRQXEwQXdlsBVAsSQ1MFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmRFdoLlZP"
CHR Profile: C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default [2016-09-17]
CHR Extension: (Google Slides) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-17]
CHR Extension: (Reddit New Comments Highlighter) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajdilinnnkbmpoegibgacadjlblmpjad [2016-09-17]
CHR Extension: (BetterTTV) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-09-17]
CHR Extension: (Facebook Video Downloader) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2016-09-17]
CHR Extension: (Google Docs) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-17]
CHR Extension: (Google Drive) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-17]
CHR Extension: (YouTube) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-17]
CHR Extension: (Nimbus Screenshot and Screencast) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2016-09-17]
CHR Extension: (Adblock Plus) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-17]
CHR Extension: (uBlock Origin) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-09-17]
CHR Extension: (Steam Inventory Helper) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-09-17]
CHR Extension: (Tampermonkey) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-17]
CHR Extension: (Session Buddy) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-09-17]
CHR Extension: (Google Sheets) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-17]
CHR Extension: (RotoGrinders - FanDuel Tools) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felhhccenjfgepphdanniaeclbjhklca [2016-09-17]
CHR Extension: (FantasyCruncher - Export Tools) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddlbjlbpgcnckmjdkfjeimbciokpcn [2016-09-17]
CHR Extension: (DraftKings Shark Finder for Real RotoGrinders) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhfffikpfjhahmcbhilnooiecodhmcg [2016-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-17]
CHR Extension: (Table Capture) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2016-09-17]
CHR Extension: (Super Browse for Netflix) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejponamigpndjgdmnpelkohnbpancjf [2016-09-17]
CHR Extension: (Reddit Notifier) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikingdipinldcfllekffnlgbojbbpilk [2016-09-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
CHR Extension: (Enhanced Steam) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-09-17]
CHR Extension: (AlienTube for YouTube™) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\opgodjgjgojjkhlmmhdlojfehcemknnp [2016-09-17]
CHR Extension: (Gmail) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]
CHR Extension: (Privacy Badger) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2016-09-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-27] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113160 2015-11-25] (Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-19] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-12] (Windows ® Win 7 DDK provider)
R2 DisplayFusionService; H:\Util\DisplayFusion\DisplayFusionService.exe [4616216 2016-01-20] (Binary Fortress Software)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [141824 2015-12-16] (GIGA-BYTE TECHNOLOGY CO., LTD.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2779136 2016-08-24] (ESET)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
R2 GCloud; C:\Program Files (x86)\GIGABYTE\CloudStation_Server\HomeCloud\GCloud.exe [19776 2015-03-23] (Microsoft)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2015-11-16] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-04-28] (Logitech Inc.)
S4 MBAMScheduler; H:\Util\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; H:\Util\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [125736 2015-11-16] (GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-19] ()
R2 ReflectService.exe; H:\Util\Macrium Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 Smart TimeLock; C:\Program Files (x86)\GIGABYTE\Smart TimeLock\TimeMgmtDaemon.exe [102400 2013-02-22] (Gigabyte Technology CO., LTD.) [File not signed]
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-06] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-06-30] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2015-06-17] (Asmedia Technology)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1067304 2015-11-25] (Creative Technology Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [530416 2015-06-18] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263296 2016-08-24] (ESET)
R3 easytether; C:\Windows\System32\drivers\easytthrx.sys [22728 2015-11-22] (Mobile Stream)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-08-24] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [197288 2016-08-24] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [153248 2016-08-24] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [208552 2016-08-24] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [61608 2016-08-24] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84640 2016-08-24] (ESET)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-05-28] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [85160 2016-04-18] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rzjstk; C:\Windows\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
R3 rzkeypadendpt; C:\Windows\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-06] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [136312 2016-06-27] (Razer, Inc.)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [23968 2015-12-09] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [51488 2015-12-09] (Saitek)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-24] (Intel Corporation)
R3 _hid_0738_1713; C:\Windows\system32\DRIVERS\_hid_0738_1713.sys [180928 2015-12-09] (Saitek)
R3 _usb_0738_1713; C:\Windows\System32\drivers\_usb_0738_1713.sys [46528 2015-12-09] (Saitek)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-17 18:20 - 2016-09-17 18:20 - 00000000 ____D C:\FRST
2016-09-17 06:19 - 2016-09-17 06:21 - 00000000 ____D C:\AdwCleaner
2016-09-17 04:41 - 2016-09-17 04:41 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\Macromedia
2016-09-17 02:44 - 2016-09-17 17:49 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-17 02:44 - 2016-09-17 06:22 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-17 02:44 - 2016-09-17 02:44 - 00003992 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-17 02:44 - 2016-09-17 02:44 - 00003760 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-17 02:44 - 2016-09-17 02:44 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 02:44 - 2016-09-17 02:44 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-16 22:52 - 2016-05-06 15:50 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2016-09-16 22:31 - 2016-09-06 22:39 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 02656952 _____ C:\Windows\system32\CoreUIComponents.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-16 22:31 - 2016-09-06 22:39 - 01238584 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
2016-09-16 22:31 - 2016-09-06 22:39 - 01142560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-16 22:31 - 2016-09-06 22:39 - 01098640 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 01030408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-16 22:31 - 2016-09-06 22:39 - 00875480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-09-16 22:31 - 2016-09-06 22:39 - 00845568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00799568 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00754664 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00705576 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00620176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00601744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00414232 _____ (Microsoft Corporation) C:\Windows\system32\BCP47Langs.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00337328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00328520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BCP47Langs.dll
2016-09-16 22:31 - 2016-09-06 22:39 - 00277848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-09-16 22:31 - 2016-09-06 22:39 - 00175120 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-16 22:31 - 2016-09-06 22:37 - 00572272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2016-09-16 22:31 - 2016-09-06 22:37 - 00129888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-16 22:31 - 2016-09-06 22:36 - 00528736 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-09-16 22:31 - 2016-09-06 22:36 - 00405856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-16 22:31 - 2016-09-06 22:35 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-09-16 22:31 - 2016-09-06 22:35 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-09-16 22:31 - 2016-09-06 22:35 - 00523616 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2016-09-16 22:31 - 2016-09-06 22:34 - 02587696 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-09-16 22:31 - 2016-09-06 22:33 - 02026736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-09-16 22:31 - 2016-09-06 22:33 - 01297760 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-09-16 22:31 - 2016-09-06 22:33 - 00986976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-09-16 22:31 - 2016-09-06 22:33 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-16 22:31 - 2016-09-06 22:27 - 00538632 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2016-09-16 22:31 - 2016-09-06 22:27 - 00413536 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2016-09-16 22:31 - 2016-09-06 22:26 - 02544256 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 01554152 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 01299504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 01152320 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 01092464 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00858952 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00847648 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00785088 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00693592 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00588320 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmdev.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00586200 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00439136 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00245840 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-09-16 22:31 - 2016-09-06 22:26 - 00131424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufxsynopsys.sys
2016-09-16 22:31 - 2016-09-06 22:25 - 02607336 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-09-16 22:31 - 2016-09-06 22:25 - 01447776 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2016-09-16 22:31 - 2016-09-06 22:25 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-16 22:31 - 2016-09-06 22:25 - 01270064 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 03693064 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 02180128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 01349632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 01118200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00980352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-09-16 22:31 - 2016-09-06 22:24 - 00709176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00652312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00511312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00496360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmdev.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00451928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-09-16 22:31 - 2016-09-06 22:24 - 00355672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2016-09-16 22:31 - 2016-09-06 22:23 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-09-16 22:31 - 2016-09-06 22:23 - 06605544 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-09-16 22:31 - 2016-09-06 22:23 - 06536248 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-09-16 22:31 - 2016-09-06 22:23 - 01750440 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2016-09-16 22:31 - 2016-09-06 22:23 - 01603224 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2016-09-16 22:31 - 2016-09-06 22:23 - 01040792 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2016-09-16 22:31 - 2016-09-06 22:23 - 00725776 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2016-09-16 22:31 - 2016-09-06 22:22 - 02937384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-16 22:31 - 2016-09-06 22:22 - 01128096 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2016-09-16 22:31 - 2016-09-06 22:22 - 01085728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2016-09-16 22:31 - 2016-09-06 22:22 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-16 22:31 - 2016-09-06 22:22 - 00604920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-09-16 22:31 - 2016-09-06 22:22 - 00359256 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-16 22:31 - 2016-09-06 22:21 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-16 22:31 - 2016-09-06 22:21 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-09-16 22:31 - 2016-09-06 22:20 - 01355336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2016-09-16 22:31 - 2016-09-06 22:20 - 00569744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2016-09-16 22:31 - 2016-09-06 22:19 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-16 22:31 - 2016-09-06 22:16 - 02773088 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-09-16 22:31 - 2016-09-06 22:16 - 02548936 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-09-16 22:31 - 2016-09-06 22:16 - 02144512 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2016-09-16 22:31 - 2016-09-06 22:16 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-09-16 22:31 - 2016-09-06 22:15 - 01415200 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-09-16 22:31 - 2016-09-06 22:15 - 00911640 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2016-09-16 22:31 - 2016-09-06 22:15 - 00550656 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2016-09-16 22:31 - 2016-09-06 22:13 - 01865584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2016-09-16 22:31 - 2016-09-06 22:12 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-09-16 22:31 - 2016-09-06 22:12 - 01522152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-09-16 22:31 - 2016-09-06 22:12 - 01174008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-09-16 22:31 - 2016-09-06 22:12 - 00871776 _____ (Microsoft Corporation) C:\Windows\system32\drvstore.dll
2016-09-16 22:31 - 2016-09-06 22:11 - 00503600 _____ (Microsoft Corporation) C:\Windows\system32\DMRServer.dll
2016-09-16 22:31 - 2016-09-06 22:11 - 00057912 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-16 22:31 - 2016-09-06 22:08 - 00116216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-16 22:31 - 2016-09-06 22:07 - 01951848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2016-09-16 22:31 - 2016-09-06 21:53 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2016-09-16 22:31 - 2016-09-06 21:52 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\XboxNetApiSvc.dll
2016-09-16 22:31 - 2016-09-06 21:52 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-16 22:31 - 2016-09-06 21:51 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-09-16 22:31 - 2016-09-06 21:49 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-09-16 22:31 - 2016-09-06 21:48 - 22379520 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-09-16 22:31 - 2016-09-06 21:48 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-09-16 22:31 - 2016-09-06 21:47 - 00824320 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2016-09-16 22:31 - 2016-09-06 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-09-16 22:31 - 2016-09-06 21:46 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2016-09-16 22:31 - 2016-09-06 21:46 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-16 22:31 - 2016-09-06 21:46 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2016-09-16 22:31 - 2016-09-06 21:46 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\vss_ps.dll
2016-09-16 22:31 - 2016-09-06 21:46 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2016-09-16 22:31 - 2016-09-06 21:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\spcompat.dll
2016-09-16 22:31 - 2016-09-06 21:45 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2016-09-16 22:31 - 2016-09-06 21:44 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2016-09-16 22:31 - 2016-09-06 21:44 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\VoipRT.dll
2016-09-16 22:31 - 2016-09-06 21:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.ProxyStub.dll
2016-09-16 22:31 - 2016-09-06 21:44 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-09-16 22:31 - 2016-09-06 21:44 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\udhisapi.dll
2016-09-16 22:31 - 2016-09-06 21:44 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-09-16 22:31 - 2016-09-06 21:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\IconCodecService.dll
2016-09-16 22:31 - 2016-09-06 21:43 - 16985600 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-09-16 22:31 - 2016-09-06 21:43 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2016-09-16 22:31 - 2016-09-06 21:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-09-16 22:31 - 2016-09-06 21:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\upnpcont.exe
2016-09-16 22:31 - 2016-09-06 21:43 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-09-16 22:31 - 2016-09-06 21:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys
2016-09-16 22:31 - 2016-09-06 21:42 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\dafWCN.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-09-16 22:31 - 2016-09-06 21:42 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\DictationManager.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2016-09-16 22:31 - 2016-09-06 21:41 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\OnDemandConnRouteHelper.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\fwcfg.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\deviceassociation.dll
2016-09-16 22:31 - 2016-09-06 21:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2016-09-16 22:31 - 2016-09-06 21:40 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn.dll
2016-09-16 22:31 - 2016-09-06 21:40 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2016-09-16 22:31 - 2016-09-06 21:40 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2016-09-16 22:31 - 2016-09-06 21:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2016-09-16 22:31 - 2016-09-06 21:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-09-16 22:31 - 2016-09-06 21:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\CheckNetIsolation.exe
2016-09-16 22:31 - 2016-09-06 21:39 - 01567744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-09-16 22:31 - 2016-09-06 21:39 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-09-16 22:31 - 2016-09-06 21:39 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2016-09-16 22:31 - 2016-09-06 21:39 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-09-16 22:31 - 2016-09-06 21:39 - 00096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VoipRT.dll
2016-09-16 22:31 - 2016-09-06 21:39 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\wiarpc.dll
2016-09-16 22:31 - 2016-09-06 21:39 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\udhisapi.dll
2016-09-16 22:31 - 2016-09-06 21:39 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Cortana.ProxyStub.dll
2016-09-16 22:31 - 2016-09-06 21:38 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2016-09-16 22:31 - 2016-09-06 21:38 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-09-16 22:31 - 2016-09-06 21:38 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2016-09-16 22:31 - 2016-09-06 21:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\LegacyNetUXHost.exe
2016-09-16 22:31 - 2016-09-06 21:38 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Geolocation.dll
2016-09-16 22:31 - 2016-09-06 21:38 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-09-16 22:31 - 2016-09-06 21:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-09-16 22:31 - 2016-09-06 21:38 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
2016-09-16 22:31 - 2016-09-06 21:37 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00435712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.AllJoyn.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2016-09-16 22:31 - 2016-09-06 21:37 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00373248 _____ (Microsoft Corporation) C:\Windows\system32\WmpDui.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountCloudAP.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srpapi.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceassociation.dll
2016-09-16 22:31 - 2016-09-06 21:37 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 01582080 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-09-16 22:31 - 2016-09-06 21:36 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\msdt.exe
2016-09-16 22:31 - 2016-09-06 21:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\DiagCpl.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00752128 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\authfwcfg.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\azroleui.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-09-16 22:31 - 2016-09-06 21:36 - 00394752 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\dot3ui.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\eapsvc.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2016-09-16 22:31 - 2016-09-06 21:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwcfg.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 24611840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00945664 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2016-09-16 22:31 - 2016-09-06 21:35 - 00814592 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00715264 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2016-09-16 22:31 - 2016-09-06 21:35 - 00704000 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Wallet.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFiDirect.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\wlanui.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00393216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\PhoneOm.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\APHostService.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00256512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2016-09-16 22:31 - 2016-09-06 21:35 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\ExecModelClient.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModelShim.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oemlicense.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usbceip.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.ps.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppCapture.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2016-09-16 22:31 - 2016-09-06 21:35 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CheckNetIsolation.exe
2016-09-16 22:31 - 2016-09-06 21:34 - 00952320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2016-09-16 22:31 - 2016-09-06 21:34 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00510464 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\WalletService.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-09-16 22:31 - 2016-09-06 21:34 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.OneCore.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00300032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00265728 _____ (Microsoft Corporation) C:\Windows\system32\netman.dll
2016-09-16 22:31 - 2016-09-06 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 01813504 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00904704 _____ (Microsoft Corporation) C:\Windows\system32\azroles.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00321536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WmpDui.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-09-16 22:31 - 2016-09-06 21:33 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 04213248 _____ (Microsoft Corporation) C:\Windows\system32\WlanMM.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 01294336 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00947200 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00892416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\winipcsecproc_ssp.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\SmartCardSimulator.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00651776 _____ (Microsoft Corporation) C:\Windows\system32\UserLanguagesCpl.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00643584 _____ (Microsoft Corporation) C:\Windows\system32\wiaservc.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-09-16 22:31 - 2016-09-06 21:32 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00471040 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\das.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-16 22:31 - 2016-09-06 21:32 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00339456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroleui.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-09-16 22:31 - 2016-09-06 21:32 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\sysdm.cpl
2016-09-16 22:31 - 2016-09-06 21:32 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\PlayToReceiver.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2016-09-16 22:31 - 2016-09-06 21:32 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 09920512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 01985024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certmgr.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00984576 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiver.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00900608 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00852992 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\comuid.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00753664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00607232 _____ (Microsoft Corporation) C:\Windows\system32\AppxApplicabilityEngine.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00579072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2016-09-16 22:31 - 2016-09-06 21:31 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\WLanConn.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\icsvc.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00453632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\upnphost.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00435200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authfwcfg.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2016-09-16 22:31 - 2016-09-06 21:31 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2016-09-16 22:31 - 2016-09-06 21:31 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 18676224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 02476032 _____ (Microsoft Corporation) C:\Windows\system32\MSAJApi.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-16 22:31 - 2016-09-06 21:30 - 01707520 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 01575936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 01558528 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 01500160 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-09-16 22:31 - 2016-09-06 21:30 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-09-16 22:31 - 2016-09-06 21:30 - 01318400 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00904704 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00817152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.Search.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00697344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00602624 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00576000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\filemgmt.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00436224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-09-16 22:31 - 2016-09-06 21:30 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneOm.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 19350016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 07977984 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 01902592 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-09-16 22:31 - 2016-09-06 21:29 - 01487360 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-09-16 22:31 - 2016-09-06 21:29 - 01443328 _____ (Microsoft Corporation) C:\Windows\system32\diagperf.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 01319424 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00888320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\syncutil.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-16 22:31 - 2016-09-06 21:29 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2016-09-16 22:31 - 2016-09-06 21:29 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 04143104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WlanMM.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 01783808 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 01671168 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 01648640 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 01226752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcnwiz.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-09-16 22:31 - 2016-09-06 21:28 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00879616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00780800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-09-16 22:31 - 2016-09-06 21:28 - 00674816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiver.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00673280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipcsecproc_ssp.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmIndexer.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSh.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WLanConn.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-09-16 22:31 - 2016-09-06 21:28 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysdm.cpl
2016-09-16 22:31 - 2016-09-06 21:28 - 00284160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2016-09-16 22:31 - 2016-09-06 21:28 - 00282624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2016-09-16 22:31 - 2016-09-06 21:27 - 04456448 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 01872896 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 01743872 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00963072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00957440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00708608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00651776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comuid.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00585216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00549888 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00517632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00477184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00458752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00329216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\upnphost.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-16 22:31 - 2016-09-06 21:27 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 13392384 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-16 22:31 - 2016-09-06 21:26 - 01915392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAJApi.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 01588224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-09-16 22:31 - 2016-09-06 21:26 - 01537536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmsipc.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-09-16 22:31 - 2016-09-06 21:26 - 01117184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00854528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00821760 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00738816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2016-09-16 22:31 - 2016-09-06 21:26 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00673280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00645632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.Search.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00638464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-09-16 22:31 - 2016-09-06 21:26 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\syncutil.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 06312448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 06296064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 04404736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 02578432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Pimstore.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 01052160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2016-09-16 22:31 - 2016-09-06 21:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 00759808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2016-09-16 22:31 - 2016-09-06 21:25 - 00501760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2016-09-16 22:31 - 2016-09-06 21:25 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licensingdiag.exe
2016-09-16 22:31 - 2016-09-06 21:24 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 03695104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 01276928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 00785920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 00764928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2016-09-16 22:31 - 2016-09-06 21:24 - 00460800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2016-09-16 22:31 - 2016-09-06 21:23 - 04646912 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2016-09-16 22:31 - 2016-09-06 21:23 - 01562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2016-09-16 22:31 - 2016-09-06 21:23 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2016-09-16 22:31 - 2016-09-06 21:23 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipcsecproc.dll
2016-09-16 22:31 - 2016-09-06 21:23 - 00918016 _____ (Microsoft Corporation) C:\Windows\system32\XpsFilt.dll
2016-09-16 22:31 - 2016-09-06 21:23 - 00838144 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2016-09-16 22:31 - 2016-09-06 21:23 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-09-16 22:31 - 2016-09-06 21:23 - 00701952 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2016-09-16 22:31 - 2016-09-06 21:23 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDistSh.dll
2016-09-16 22:31 - 2016-09-06 21:22 - 12134400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-16 22:31 - 2016-09-06 21:22 - 03093504 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-09-16 22:31 - 2016-09-06 21:22 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-09-16 22:31 - 2016-09-06 21:22 - 02106368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-09-16 22:31 - 2016-09-06 21:22 - 01987072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-09-16 22:31 - 2016-09-06 21:22 - 01297408 _____ (Microsoft Corporation) C:\Windows\system32\SensorDataService.exe
2016-09-16 22:31 - 2016-09-06 21:22 - 00778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2016-09-16 22:31 - 2016-09-06 21:22 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\StikyNot.exe
2016-09-16 22:31 - 2016-09-06 21:21 - 03046400 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2016-09-16 22:31 - 2016-09-06 21:21 - 02527232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-09-16 22:31 - 2016-09-06 21:21 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-09-16 22:31 - 2016-09-06 21:21 - 01410560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-09-16 22:31 - 2016-09-06 21:21 - 01063936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2016-09-16 22:31 - 2016-09-06 21:21 - 00639488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-09-16 22:31 - 2016-09-06 21:21 - 00620544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsFilt.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 02800128 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 00900608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 00882688 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll
2016-09-16 22:31 - 2016-09-06 21:20 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 06471168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2016-09-16 22:31 - 2016-09-06 21:19 - 05325824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 04169728 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 03663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-09-16 22:31 - 2016-09-06 21:19 - 03555840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2016-09-16 22:31 - 2016-09-06 21:19 - 02902528 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 02798080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 02102272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 01997312 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\sdengin2.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 01072128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-09-16 22:31 - 2016-09-06 21:19 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 07536640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 05503488 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 04826624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 03577344 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 00592384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\XpsDocumentTargetPrint.dll
2016-09-16 22:31 - 2016-09-06 21:18 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 03459584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 02679808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 02062336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 01674240 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 01526784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Phone.dll
2016-09-16 22:31 - 2016-09-06 21:17 - 01502208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 03671040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02911744 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02680320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02361856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02217984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 02155008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 01984000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 01676800 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 01194496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 01123328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 00574976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsDocumentTargetPrint.dll
2016-09-16 22:31 - 2016-09-06 21:16 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-09-16 22:31 - 2016-09-06 21:16 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 07831552 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 05659136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 02772480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 02055168 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 01755648 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 01626112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 01448960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 01121792 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 00835072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
2016-09-16 22:31 - 2016-09-06 21:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 06743040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 03355136 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 03351040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 03078656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 02573824 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 02553856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 02519552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 02177024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 01946112 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 01732096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 01708032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-09-16 22:31 - 2016-09-06 21:14 - 01487872 _____ (Microsoft Corporation) C:\Windows\system32\SpeechPal.dll
2016-09-16 22:31 - 2016-09-06 21:13 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-16 22:31 - 2016-09-06 21:13 - 02874880 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2016-09-16 22:31 - 2016-09-06 21:12 - 02180096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-09-16 22:31 - 2016-09-06 21:12 - 00899072 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2016-09-16 22:31 - 2016-09-06 21:12 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-09-16 22:31 - 2016-09-06 21:12 - 00339456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-16 22:31 - 2016-09-06 21:11 - 03294208 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-09-16 22:31 - 2016-09-06 21:11 - 03065344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-09-16 22:31 - 2016-09-06 21:11 - 03053568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-09-16 22:31 - 2016-09-06 21:10 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-09-16 22:31 - 2016-09-06 21:10 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-09-16 22:31 - 2016-09-06 21:10 - 00712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-09-16 22:31 - 2016-09-06 21:10 - 00627200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certca.dll
2016-09-16 22:31 - 2016-09-06 21:10 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\RADCUI.dll
2016-09-16 22:31 - 2016-09-06 21:09 - 00824832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-16 22:31 - 2016-09-06 21:09 - 00824832 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-16 22:31 - 2016-09-06 21:09 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2016-09-16 22:31 - 2016-09-06 21:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-16 22:31 - 2016-09-06 21:09 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-16 22:31 - 2016-09-04 17:37 - 00445765 _____ C:\Windows\system32\ApnDatabase.xml
2016-09-16 22:30 - 2016-09-06 22:39 - 07468896 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-16 22:30 - 2016-09-06 22:39 - 01997832 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-16 22:30 - 2016-09-06 22:39 - 01862000 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-09-16 22:30 - 2016-09-06 22:39 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-16 22:30 - 2016-09-06 22:39 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-09-16 22:30 - 2016-09-06 22:34 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-09-16 22:30 - 2016-09-06 22:26 - 01552104 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-09-16 22:30 - 2016-09-06 22:26 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-09-16 22:30 - 2016-09-06 22:23 - 04515256 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-16 22:30 - 2016-09-06 22:23 - 01540216 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-09-16 22:30 - 2016-09-06 22:23 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-09-16 22:30 - 2016-09-06 22:23 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-09-16 22:30 - 2016-09-06 22:23 - 00565600 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-09-16 22:30 - 2016-09-06 22:23 - 00374008 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-09-16 22:30 - 2016-09-06 22:23 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-09-16 22:30 - 2016-09-06 22:22 - 01824264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-09-16 22:30 - 2016-09-06 22:22 - 00742192 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2016-09-16 22:30 - 2016-09-06 22:22 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-09-16 22:30 - 2016-09-06 22:22 - 00638816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2016-09-16 22:30 - 2016-09-06 22:22 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-09-16 22:30 - 2016-09-06 22:22 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-09-16 22:30 - 2016-09-06 22:21 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-09-16 22:30 - 2016-09-06 22:21 - 05240952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-09-16 22:30 - 2016-09-06 22:20 - 00836752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2016-09-16 22:30 - 2016-09-06 22:19 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-09-16 22:30 - 2016-09-06 22:15 - 01776768 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-09-16 22:30 - 2016-09-06 22:14 - 00430944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-16 22:30 - 2016-09-06 22:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-16 22:30 - 2016-09-06 22:13 - 02186856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-09-16 22:30 - 2016-09-06 22:12 - 28851224 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsRaw.dll
2016-09-16 22:30 - 2016-09-06 22:11 - 02187408 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2016-09-16 22:30 - 2016-09-06 22:11 - 00388888 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2016-09-16 22:30 - 2016-09-06 22:11 - 00305296 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2016-09-16 22:30 - 2016-09-06 22:08 - 28083144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsRaw.dll
2016-09-16 22:30 - 2016-09-06 22:07 - 00253080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpeffects.dll
2016-09-16 22:30 - 2016-09-06 21:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-09-16 22:30 - 2016-09-06 21:44 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\SecureTimeAggregator.dll
2016-09-16 22:30 - 2016-09-06 21:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-09-16 22:30 - 2016-09-06 21:41 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-09-16 22:30 - 2016-09-06 21:40 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-09-16 22:30 - 2016-09-06 21:40 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\oemlicense.dll
2016-09-16 22:30 - 2016-09-06 21:40 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountExtension.dll
2016-09-16 22:30 - 2016-09-06 21:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2016-09-16 22:30 - 2016-09-06 21:40 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2016-09-16 22:30 - 2016-09-06 21:39 - 09324032 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-09-16 22:30 - 2016-09-06 21:39 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.ps.dll
2016-09-16 22:30 - 2016-09-06 21:39 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2016-09-16 22:30 - 2016-09-06 21:39 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\FingerprintEnrollment.dll
2016-09-16 22:30 - 2016-09-06 21:38 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll
2016-09-16 22:30 - 2016-09-06 21:38 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2016-09-16 22:30 - 2016-09-06 21:38 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-09-16 22:30 - 2016-09-06 21:38 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2016-09-16 22:30 - 2016-09-06 21:38 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2016-09-16 22:30 - 2016-09-06 21:38 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCleaner.dll
2016-09-16 22:30 - 2016-09-06 21:38 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-09-16 22:30 - 2016-09-06 21:37 - 00846848 _____ (Microsoft Corporation) C:\Windows\system32\ipsecsnp.dll
2016-09-16 22:30 - 2016-09-06 21:37 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-16 22:30 - 2016-09-06 21:37 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\fhsvc.dll
2016-09-16 22:30 - 2016-09-06 21:36 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2016-09-16 22:30 - 2016-09-06 21:36 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-09-16 22:30 - 2016-09-06 21:36 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppLockerCSP.dll
2016-09-16 22:30 - 2016-09-06 21:36 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\NetworkDesktopSettings.dll
2016-09-16 22:30 - 2016-09-06 21:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DictationManager.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 09324032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-09-16 22:30 - 2016-09-06 21:35 - 00813056 _____ (Microsoft Corporation) C:\Windows\system32\mqsnap.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 00475648 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 00450048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack_win.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\credprovs.dll
2016-09-16 22:30 - 2016-09-06 21:35 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.PicturePassword.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\filemgmt.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00507904 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2016-09-16 22:30 - 2016-09-06 21:34 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00448000 _____ (Microsoft Corporation) C:\Windows\system32\winipcfile.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-09-16 22:30 - 2016-09-06 21:33 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2016-09-16 22:30 - 2016-09-06 21:32 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-16 22:30 - 2016-09-06 21:32 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2016-09-16 22:30 - 2016-09-06 21:32 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-09-16 22:30 - 2016-09-06 21:32 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.UserAccountsHandlers.dll
2016-09-16 22:30 - 2016-09-06 21:32 - 00484352 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-09-16 22:30 - 2016-09-06 21:32 - 00292864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3ui.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Bluetooth.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\sppinst.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll
2016-09-16 22:30 - 2016-09-06 21:31 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-16 22:30 - 2016-09-06 21:31 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 14251520 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 02012672 _____ (Microsoft Corporation) C:\Windows\system32\winmsipc.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 01500672 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\ApplicationFrame.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 01037824 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2016-09-16 22:30 - 2016-09-06 21:30 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 00607232 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 00531456 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2016-09-16 22:30 - 2016-09-06 21:30 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 01239552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 00896512 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 00785408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\azroles.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 00283136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 00238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2016-09-16 22:30 - 2016-09-06 21:29 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\licensingdiag.exe
2016-09-16 22:30 - 2016-09-06 21:28 - 02731008 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2016-09-16 22:30 - 2016-09-06 21:28 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\Pimstore.dll
2016-09-16 22:30 - 2016-09-06 21:28 - 01211904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Cred.dll
2016-09-16 22:30 - 2016-09-06 21:28 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-09-16 22:30 - 2016-09-06 21:28 - 00638976 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2016-09-16 22:30 - 2016-09-06 21:28 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2016-09-16 22:30 - 2016-09-06 21:27 - 03415040 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2016-09-16 22:30 - 2016-09-06 21:27 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-09-16 22:30 - 2016-09-06 21:27 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2016-09-16 22:30 - 2016-09-06 21:27 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-09-16 22:30 - 2016-09-06 21:27 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-09-16 22:30 - 2016-09-06 21:27 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2016-09-16 22:30 - 2016-09-06 21:25 - 02445312 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-09-16 22:30 - 2016-09-06 21:25 - 01965568 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2016-09-16 22:30 - 2016-09-06 21:25 - 01228800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-09-16 22:30 - 2016-09-06 21:25 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-09-16 22:30 - 2016-09-06 21:25 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2016-09-16 22:30 - 2016-09-06 21:25 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-09-16 22:30 - 2016-09-06 21:24 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-09-16 22:30 - 2016-09-06 21:24 - 00805888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2016-09-16 22:30 - 2016-09-06 21:23 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-09-16 22:30 - 2016-09-06 21:22 - 12585472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-09-16 22:30 - 2016-09-06 21:22 - 01113600 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2016-09-16 22:30 - 2016-09-06 21:21 - 00636928 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-09-16 22:30 - 2016-09-06 21:21 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-09-16 22:30 - 2016-09-06 21:20 - 06976000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-16 22:30 - 2016-09-06 21:20 - 06675968 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2016-09-16 22:30 - 2016-09-06 21:20 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-09-16 22:30 - 2016-09-06 21:20 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2016-09-16 22:30 - 2016-09-06 21:19 - 04078592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-09-16 22:30 - 2016-09-06 21:19 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-09-16 22:30 - 2016-09-06 21:19 - 02563584 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-09-16 22:30 - 2016-09-06 21:19 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\winipcsecproc.dll
2016-09-16 22:30 - 2016-09-06 21:19 - 00527872 _____ (Microsoft Corporation) C:\Windows\system32\w32time.dll
2016-09-16 22:30 - 2016-09-06 21:19 - 00515584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2016-09-16 22:30 - 2016-09-06 21:19 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2016-09-16 22:30 - 2016-09-06 21:17 - 05123072 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-09-16 22:30 - 2016-09-06 21:17 - 00833536 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2016-09-16 22:30 - 2016-09-06 21:16 - 04759040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-09-16 22:30 - 2016-09-06 21:16 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-09-16 22:30 - 2016-09-06 21:15 - 01978880 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2016-09-16 22:30 - 2016-09-06 21:15 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-09-16 22:30 - 2016-09-06 21:14 - 02000896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-09-16 22:30 - 2016-09-06 21:14 - 01097216 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-09-16 22:30 - 2016-09-06 21:13 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-09-16 22:30 - 2016-09-06 21:13 - 00984576 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-09-16 22:30 - 2016-09-06 21:13 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2016-09-16 22:30 - 2016-09-06 21:12 - 02632192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-09-16 22:30 - 2016-09-06 21:12 - 01036288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-09-16 22:30 - 2016-09-06 21:11 - 00958976 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-09-16 22:30 - 2016-09-06 21:11 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\DbgModel.dll
2016-09-16 22:30 - 2016-09-06 21:11 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-16 22:30 - 2016-09-06 21:10 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\certca.dll
2016-09-16 22:30 - 2016-09-06 21:10 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DbgModel.dll
2016-09-16 22:30 - 2016-09-06 21:09 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-16 22:30 - 2016-09-06 20:57 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-09-15 11:03 - 2016-09-15 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-12 06:11 - 2016-09-12 06:11 - 00042792 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe
2016-09-12 06:05 - 2016-09-12 06:05 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys
2016-09-12 06:05 - 2016-09-12 06:05 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys
2016-09-12 06:05 - 2016-09-12 06:05 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys
2016-09-08 01:47 - 2016-09-08 01:47 - 00000000 ____D C:\Users\Jimbodan\.android
2016-09-08 01:44 - 2016-09-08 01:44 - 00002549 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
2016-09-08 01:44 - 2016-09-08 01:44 - 00000000 ____D C:\Program Files\Mobile Stream
2016-09-01 09:03 - 2016-09-04 02:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-29 17:57 - 2016-08-29 17:57 - 00001072 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2016-08-29 17:57 - 2016-08-29 17:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2016-08-29 16:52 - 2016-08-29 16:52 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\RzStats
2016-08-26 03:50 - 2016-08-26 03:50 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-24 23:39 - 2016-08-24 23:39 - 00003354 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task
2016-08-24 23:39 - 2016-08-24 23:39 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\Skype
2016-08-24 12:37 - 2016-08-24 12:37 - 00153248 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2016-08-19 06:38 - 2016-08-19 06:38 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\openvr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-17 18:16 - 2016-07-19 13:41 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\Battle.net
2016-09-17 18:05 - 2016-07-19 22:00 - 00000944 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-17 17:53 - 2016-07-19 13:49 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\KeePass
2016-09-17 06:56 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\AppReadiness
2016-09-17 06:38 - 2016-07-19 19:00 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-17 06:28 - 2016-07-19 09:37 - 00881036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-17 06:28 - 2015-10-30 00:21 - 00000000 ____D C:\Windows\INF
2016-09-17 06:22 - 2016-07-20 00:09 - 00000408 _____ C:\Windows\Tasks\Optimize Thumbnail Cache Files.job
2016-09-17 06:22 - 2016-07-19 22:00 - 00000940 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-17 06:22 - 2016-07-19 13:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-17 06:22 - 2016-07-19 12:49 - 00026192 ____N (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2016-09-17 06:22 - 2016-04-26 23:34 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-17 06:21 - 2015-10-29 23:28 - 00786432 ___SH C:\Windows\system32\config\BBI
2016-09-17 05:25 - 2016-07-19 21:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-17 03:34 - 2016-07-19 04:03 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\ElevatedDiagnostics
2016-09-17 03:34 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\NDF
2016-09-17 02:56 - 2016-07-19 06:09 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\tixati
2016-09-17 02:49 - 2015-10-30 00:11 - 00000000 ____D C:\Windows\CbsTemp
2016-09-17 02:44 - 2016-07-19 12:59 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\Google
2016-09-17 02:44 - 2016-07-19 12:59 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-17 02:00 - 2016-07-20 00:10 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\Adobe
2016-09-17 01:28 - 2016-07-22 01:16 - 00000000 ____D C:\Windows\Minidump
2016-09-17 01:28 - 2016-07-19 18:15 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\CrashDumps
2016-09-16 22:42 - 2016-07-19 21:52 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Innkeeper
2016-09-16 22:42 - 2016-07-19 21:52 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\SquirrelTemp
2016-09-16 22:42 - 2016-07-19 21:52 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\Innkeeper
2016-09-16 22:42 - 2016-04-26 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ___SD C:\Windows\system32\F12
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\PrintDialog
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\setup
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\oobe
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\migwiz
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-09-16 22:39 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-09-16 22:39 - 2015-10-29 23:31 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-09-16 22:39 - 2015-10-29 23:31 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-09-16 22:39 - 2015-10-29 23:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-16 22:39 - 2015-10-29 23:28 - 00000000 ____D C:\Windows\system32\Dism
2016-09-16 22:38 - 2016-07-19 09:53 - 00000000 ____D C:\Users\Jimbodan
2016-09-16 22:35 - 2016-07-19 06:12 - 00000000 ____D C:\Windows\system32\MRT
2016-09-16 22:35 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-09-16 22:32 - 2016-07-19 06:12 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-16 22:28 - 2015-10-30 00:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsnap.dll
2016-09-16 22:28 - 2015-10-30 00:19 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcertui.dll
2016-09-16 22:28 - 2015-10-30 00:18 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\mqcertui.dll
2016-09-16 06:41 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-16 04:26 - 2016-07-19 06:39 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\vlc
2016-09-16 02:32 - 2016-07-25 21:27 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\DC++
2016-09-16 02:32 - 2016-07-25 21:27 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\DC++
2016-09-15 11:03 - 2016-07-19 22:00 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-13 07:30 - 2016-07-19 08:10 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\Deployment
2016-09-12 13:19 - 2016-07-19 09:53 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\Packages
2016-09-09 02:03 - 2016-07-19 21:52 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI
2016-09-08 01:44 - 2016-07-19 12:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-06 23:10 - 2015-10-30 01:13 - 00400614 __RSH C:\bootmgr
2016-09-06 23:04 - 2016-04-26 23:34 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-09-06 18:00 - 2015-10-30 00:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-06 18:00 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-04 02:22 - 2016-07-19 04:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-03 01:11 - 2016-07-19 14:10 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\foobar2000
2016-08-29 23:41 - 2016-08-17 17:27 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-29 23:41 - 2016-08-17 17:27 - 00000000 ____D C:\Users\Jimbodan\AppData\Roaming\discord
2016-08-29 23:41 - 2016-08-17 17:27 - 00000000 ____D C:\Users\Jimbodan\AppData\Local\Discord
2016-08-26 03:50 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-26 03:50 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-24 23:39 - 2016-07-19 09:54 - 00002376 _____ C:\Users\Jimbodan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-24 23:39 - 2016-07-19 09:54 - 00000000 ___RD C:\Users\Jimbodan\OneDrive
2016-08-24 12:37 - 2016-05-12 10:48 - 00015488 _____ (ESET) C:\Windows\system32\Drivers\eelam.sys
2016-08-24 12:37 - 2015-07-13 07:14 - 00263296 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2016-08-24 12:37 - 2015-07-13 07:14 - 00208552 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2016-08-24 12:37 - 2015-07-13 07:14 - 00197288 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2016-08-24 12:37 - 2015-07-13 07:14 - 00084640 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2016-08-24 12:37 - 2015-07-13 07:14 - 00061608 _____ (ESET) C:\Windows\system32\Drivers\epfwlwf.sys
2016-08-18 23:39 - 2015-10-30 00:24 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2016-07-21 20:37 - 2016-07-22 21:03 - 0007608 _____ () C:\Users\Jimbodan\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Jimbodan\AppData\Local\Temp\libeay32.dll
C:\Users\Jimbodan\AppData\Local\Temp\msvcr120.dll
C:\Users\Jimbodan\AppData\Local\Temp\sqlite3.dll
C:\Users\Jimbodan\AppData\Local\Temp\wVx4rt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-11 00:24
 
==================== End of FRST.txt ============================

#2 nasdaq

  • Malware Response Team

Posted 18 September 2016 - 10:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Remove these programs via the Control Panel > Programs > Programs and Features.
ClipGrab 3.6.1 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
YTD Video Downloader 5.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.7.1 - GreenTree Applications SRL) <==== ATTENTION
---

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
Hosts:

HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Aggiorna ESET license.lnk -> H:\Temp and Trial Stuff\MiNODLogin\launcher.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: (Clone Window) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\{ab8568cd-1789-4fc8-a530-218e9eab17e2}.xpi [2012-01-29] [not signed]
CHR Extension: (BetterTTV) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
S3 dbx; system32\DRIVERS\dbx.sys [X]
CustomCLSID: HKU\S-1-5-21-1084192390-2770222576-1164625261-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-33F0FD53DA2B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: C:\Windows\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

If you are at ease modifying the registry, DO NOT restart the registry just yet.
Follow my instructions in the box below.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Make sure the System restore IS ON.
The Fixlog will give you that information.
 

- Open regedit.exe (execute Regedit.exe from the Start > Run box and click OK.)
- Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
- Right Click --> Permissions...
- In "Group or user names" select SYSTEM
- Tick deny check boxes for full control and read --> Click ok
- Delete ProxySettingsPerUser
- Restart the computer normally to reset the registry.


If not at ease with modifying the registry.
Restart the computer normally.

===

Let's see what we can find in the Registry.

Please run the Farbar Recovery Scan Tool. Enter ProxySettingsPerUser;AutoConfigUrl in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Post the Fixlog and the Farbar search logs for my review.

Let me know if the problem persists.
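
A read-only way to inspect the proxy values this reply targets, added here as an example and not part of the original post or of FRST: it reads the policy value ProxySettingsPerUser and the standard WinINET values ProxyEnable, ProxyServer and AutoConfigURL, then, for a loopback proxy such as the 127.0.0.1:8080 reported in the first post, lists the process listening on that port. Get-RegValue and Get-LoopbackPorts are hypothetical helper names.

```powershell
# Added example: read-only audit of proxy configuration. Nothing is modified.
# Helper names (Get-RegValue, Get-LoopbackPorts) are hypothetical.

$policyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$settingKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-RegValue {
    # Returns the value data, or $null when the key or the value is absent.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-LoopbackPorts {
    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    # Returns the ports of every entry that points at the local machine.
    param([string]$ProxyServer)
    $pattern = '(?i)(?:^|[=;/\s])(127(?:\.\d{1,3}){3}|localhost|\[::1\]):(\d{1,5})'
    foreach ($m in [regex]::Matches($ProxyServer, $pattern)) {
        [int]$m.Groups[2].Value
    }
}

# Policy value: 0 forces the HKLM proxy settings on every user,
# 1 or missing means each user has their own settings.
[pscustomobject]@{
    Key                  = $policyKey
    ProxySettingsPerUser = Get-RegValue $policyKey 'ProxySettingsPerUser'
} | Format-List

# Per-user and machine-wide WinINET settings.
$findings = foreach ($key in $settingKeys) {
    $server = Get-RegValue $key 'ProxyServer'
    [pscustomobject]@{
        Key           = $key
        ProxyEnable   = Get-RegValue $key 'ProxyEnable'
        ProxyServer   = $server
        AutoConfigURL = Get-RegValue $key 'AutoConfigURL'
        LoopbackPorts = @(Get-LoopbackPorts $server)
    }
}
$findings | Format-List

# A proxy on a loopback address only works if a local process is listening
# on that port, so identify the owner of each such listener.
$ports = $findings.LoopbackPorts | Where-Object { $_ } | Sort-Object -Unique
$owners = foreach ($port in $ports) {
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    if (-not $listeners) {
        [pscustomobject]@{ Port = $port; ProcessId = $null; Name = '(no listener)'; Path = $null }
        continue
    }
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $port
            ProcessId = $l.OwningProcess
            Name      = $proc.ProcessName
            Path      = $proc.Path
        }
    }
}
$owners | Format-Table -AutoSize

# WinHTTP keeps a separate machine-wide proxy setting; show it as well.
& netsh winhttp show proxy
```

Run it from an elevated PowerShell prompt; without elevation, Path can come back empty for processes owned by another account.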

#3 jimbobob23

  • Topic Starter

Posted 18 September 2016 - 11:23 AM

Thank you for taking the time to help me!

 

I followed your instructions and the problem still persists.

 

After the restart, the computer took a very very long time to reboot. I was pretty panicked. Is this normal?

 

Anyway, here is the Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-09-2016
Ran by Jimbodan (18-09-2016 08:49:32) Run:1
Running from E:\Users\jimbodan\Downloads
Loaded Profiles: Jimbodan (Available Profiles: Jimbodan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
Hosts:
 
HKLM-x32\...\Run: [] => [X]
ShortcutTarget: Aggiorna ESET license.lnk -> H:\Temp and Trial Stuff\MiNODLogin\launcher.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: (Clone Window) - C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\{ab8568cd-1789-4fc8-a530-218e9eab17e2}.xpi [2012-01-29] [not signed]
CHR Extension: (BetterTTV) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
S3 dbx; system32\DRIVERS\dbx.sys [X]
CustomCLSID: HKU\S-1-5-21-1084192390-2770222576-1164625261-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-33F0FD53DA2B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
Task: C:\Windows\Tasks\Optimize Thumbnail Cache Files.job => Wscript.exe J/nologo /E:jscript /B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1084192390-2770222576-1164625261-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
H:\Temp and Trial Stuff\MiNODLogin\launcher.exe => not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\Extensions\{ab8568cd-1789-4fc8-a530-218e9eab17e2}.xpi => moved successfully
C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped => moved successfully
C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
dbx => service removed successfully
"HKU\S-1-5-21-1084192390-2770222576-1164625261-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-33F0FD53DA2B}" => key removed successfully
C:\Windows\Tasks\Optimize Thumbnail Cache Files.job => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 3877964 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23345480 B
Java, Flash, Steam htmlcache => 31720898 B
Windows/system/drivers => 21564453 B
Edge => 15917357 B
Chrome => 482358794 B
Firefox => 34437854 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 7346 B
NetworkService => 0 B
Jimbodan => 241643726 B
 
RecycleBin => 0 B
EmptyTemp: => 815.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:49:40 ====
 
 
 
And here is the Farbar search log:
 
 
Farbar Recovery Scan Tool (x64) Version: 17-09-2016
Ran by Jimbodan (18-09-2016 09:20:21)
Running from E:\Users\jimbodan\Downloads
Boot Mode: Normal
 
================== Search Registry: "ProxySettingsPerUser;AutoConfigUrl" ===========
 
 
===================== Search result for "ProxySettingsPerUser" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxySettingsPerUser"="0"
 
====== End of Search ======


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:32 PM

Posted 19 September 2016 - 08:09 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
resetieproxy;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

#5 jimbobob23


Posted 19 September 2016 - 07:26 PM

I followed your instructions, but the program seemed to have stalled. It never opened the log file in notepad and when I tried to close it, it said it was still running. I started it around 7:20am my time and let it run until around 5pm my time before trying to close it. Would you like me to try running it again?

 

After a restart the problem still persists. The proxy server appears to still be there and I am still unable to change it until I manually delete registry entries.

 

I've been following your instructions and running the programs you tell me to run AFTER I manually delete the registry entries mentioned here: https://community.spiceworks.com/topic/446898-can-t-disable-proxy-in-ie10?page=1 in Philip Turner's reply. When I make those changes I am able to disable the proxy server, but after every restart the proxy comes back. If you would like me to run them BEFORE I do this, please let me know!

 

Also, after following your instructions in this thread my computer is taking over 5 minutes to restart Windows; the last restart took 7 minutes! Before doing anything here I would be back on my desktop in under a minute when restarting.

 

Here is the log file:

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jimbodan on Mon 09/19/2016 at  7:25:17.28.
Microsoft Windows 10 Pro 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: E:\Users\Jimbodan\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
9/19/2016 7:26:14 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Cyborg Auto-Profiler deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Jimbodan\AppData\Local\ActiveSync deleted successfully
C:\Users\Jimbodan\AppData\Local\CrashDumps deleted successfully
C:\Users\Jimbodan\AppData\Local\PeerDistRepub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default
 
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("capability.policy.maonoscript.sites", "172.16.0.254 192.168.2.1 addons.mozilla.org adsonar.com afx.ms ajax.googleapis.com amazon.com androi
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20160919_0732_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Cyborg Auto-Profiler not found
C:\Users\Jimbodan\AppData\Roaming\discord deleted
C:\Users\Jimbodan\.android deleted
C:\Cyborg Auto-Profiler.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\tmp42BB.tmp deleted
C:\Windows\Syswow64\tmp42BC.tmp deleted
C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\searchplugins\amazon-search-suggestions.xml deleted
C:\Users\Jimbodan\AppData\Roaming\Mozilla\Firefox\Profiles\ycymb86d.default\searchplugins\youtube-video-search.xml deleted
"C:\Windows\Installer\175488e.msi" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Cookies" not deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Cache\data_0" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Cache\data_1" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Cache\data_2" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Cache\data_3" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Cache\index" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\GPUCache\data_0" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\GPUCache\data_1" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\GPUCache\data_2" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\GPUCache\data_3" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\GPUCache\index" deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Local Storage\http_localhost_31090.localstorage" not deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI" not deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Cache" not deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\GPUCache" not deleted
"C:\Users\Jimbodan\AppData\Roaming\InnkeeperUI\Local Storage" not deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension.15@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [07/20/2016 12:45 AM]

Edited by jimbobob23, 19 September 2016 - 07:31 PM.


#6 nasdaq


Posted 20 September 2016 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Caphyon LTD) C:\Windows\Installer\MSIE21F.tmp
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3327155&octid=EB_ORIGINAL_CTID&ISID=M476163AF-5D0E-4CA1-97EF-B48E7FB706E3&SearchSource=55&CUI=&UM=8&UP=SPB06FF8A8-51CF-4E46-9FC1-38D59F42623D&D=062815&SSPV=","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIloLWF0TQxgXI11aTA1JFgQOIQgKVRQXEwQXdlsBVAsSQ1MFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmRFdoLlZP"
C:\Windows\Installer\MSIE21F.tmp

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed, it will create a log. Please post the content in your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#7 jimbobob23


Posted 20 September 2016 - 10:52 AM

I followed the instructions and the problem still persists. I restarted my computer after everything was finished and the problem is still there.

 

Here are the logs you requested.

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by Jimbodan (20-09-2016 08:08:52) Run:2
Running from E:\Users\jimbodan\Downloads
Loaded Profiles: Jimbodan (Available Profiles: Jimbodan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Caphyon LTD) C:\Windows\Installer\MSIE21F.tmp
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3327155&octid=EB_ORIGINAL_CTID&ISID=M476163AF-5D0E-4CA1-97EF-B48E7FB706E3&SearchSource=55&CUI=&UM=8&UP=SPB06FF8A8-51CF-4E46-9FC1-38D59F42623D&D=062815&SSPV=","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIloLWF0TQxgXI11aTA1JFgQOIQgKVRQXEwQXdlsBVAsSQ1MFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmRFdoLlZP"
C:\Windows\Installer\MSIE21F.tmp
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\Installer\MSIE21F.tmp => No running process found
Chrome StartupUrls => removed successfully
C:\Windows\Installer\MSIE21F.tmp => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1671553 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22185681 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1196820 B
Edge => 103095 B
Chrome => 489933646 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 4898 B
NetworkService => 0 B
Jimbodan => 212974156 B
 
RecycleBin => 0 B
EmptyTemp: => 694.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:09:19 ====
 
 
Rkill:
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 09/20/2016 08:19:15 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 09/20/2016 08:19:36 AM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
 
 
Report Rogue:
 
RogueKiller V12.6.3.0 (x64) [Sep 19 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Jimbodan [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/20/2016 08:26:25 (Duration : 00:10:31)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 4 ¤¤¤
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] ycymb86d.default : 1-Click Dailymotion Video Download [DailymotionVideoDownloader@PeterOlayev.com] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103SJ +++++
--- User ---
[MBR] d362b096c60f62620ed9515813f579d1
[BSP] bccfbfc91dad622bfbbe6133ed94bf1f : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD10EZEX-08M2NA0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Crucial_CT256MX100SSD1 +++++
--- User ---
[MBR] d068a12f50c1f89488dd189f0fd2636f
[BSP] a7c0b45734247700a6089946202024b3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 244195 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: CT120BX100SSD1 +++++
--- User ---
[MBR] 85a40d65c0be123fd47caac493d203fc
[BSP] 5fb3ec3c220a021affe610defb558f4e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive4: Patriot Pyro +++++
--- User ---
[MBR] e989e8df7de7a5e8eccd933dacbf0959
[BSP] d7ff20a49b1ea4317958a23458f7c9f2 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 114471 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
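
Added example, not part of the thread and not code from RogueKiller or FRST: a Python sketch that parses the [PUM.Proxy] lines from the RogueKiller report and the FRST registry search result posted earlier, then correlates them to show why the proxy setting stays locked. The sample text is copied from the logs in this thread; the function names and verdict strings are assumptions made for the example.

```python
import re
from ipaddress import ip_address

# Sample input: lines copied from the RogueKiller and FRST logs in this thread.
ROGUEKILLER_SAMPLE = r'''
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8080;https=127.0.0.1:8080  -> Found
[PUP][FIREFX:Addon] ycymb86d.default : 1-Click Dailymotion Video Download [DailymotionVideoDownloader@PeterOlayev.com] -> Found
'''
FRST_SEARCH_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxySettingsPerUser"="0"
'''

MACHINE_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings"

RK_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>.+?)\s+\|\s+"
    r"(?P<name>\w+)\s+:\s+(?P<value>.*?)\s+->\s+(?P<status>\w+)\s*$"
)

def parse_roguekiller(text):
    """Return registry findings; non-registry lines (e.g. browser add-ons) are skipped."""
    return [m.groupdict() for m in map(RK_LINE.match, text.splitlines()) if m]

def parse_frst_search(text):
    """Return {(KEY_UPPERCASED, value_name): data} from an FRST 'Search Registry' result."""
    values, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = re.match(r"^\[(HKEY_[^\]]+)\]$", line)
        if header:
            key = header.group(1).upper()
            continue
        pair = re.match(r'^"([^"]+)"="(.*)"$', line)
        if pair and key:
            values[(key, pair.group(1))] = pair.group(2)
    return values

def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}; '*' means all schemes."""
    out = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # bare "host:port" applies to every scheme
            scheme, hostport = "*", part
        host, _, port = hostport.rpartition(":")
        if not host:                     # no port present
            host, port = hostport, ""
        out[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return out

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False

def assess(rk_entries, frst_values):
    """Correlate the machine-wide proxy values with the per-machine policy switch."""
    per_view = {}
    for e in rk_entries:
        if e["key"].upper() == MACHINE_KEY.upper():
            per_view.setdefault(e["view"], {})[e["name"]] = e["value"]
    proxies = {
        view: parse_proxy_server(vals.get("ProxyServer", ""))
        for view, vals in per_view.items()
        if vals.get("ProxyEnable") == "1"
    }
    hosts = [host for p in proxies.values() for host, _ in p.values()]
    loopback_only = bool(hosts) and all(is_loopback(h) for h in hosts)
    # ProxySettingsPerUser=0 makes Windows use the HKLM proxy values for every user,
    # so changing the per-user setting in the UI does not take effect.
    per_machine = frst_values.get((POLICY_KEY.upper(), "ProxySettingsPerUser")) == "0"
    if per_machine and loopback_only:
        verdict = "machine-wide loopback proxy enforced by policy"
    elif loopback_only:
        verdict = "machine-wide loopback proxy, no per-machine policy seen"
    elif proxies:
        verdict = "machine-wide proxy set to a non-loopback host"
    else:
        verdict = "no enabled machine-wide proxy in the log"
    return {"per_machine_policy": per_machine, "machine_proxies": proxies,
            "loopback_only": loopback_only, "verdict": verdict}

if __name__ == "__main__":
    result = assess(parse_roguekiller(ROGUEKILLER_SAMPLE),
                    parse_frst_search(FRST_SEARCH_SAMPLE))
    for name, value in result.items():
        print(f"{name}: {value}")
```

A loopback proxy only works while some local process is listening on that port, so this verdict points the investigation at whatever rewrites these HKLM values at boot and whatever was meant to listen on 127.0.0.1:8080.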


#8 nasdaq


Posted 21 September 2016 - 08:43 AM


I would remove this Firefox Addon.

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] ycymb86d.default : 1-Click Dailymotion Video Download [DailymotionVideoDownloader@PeterOlayev.com] -> Found


Look at the review.
https://addons.mozilla.org/en-us/firefox/addon/1-click-dailymotion-video-d/

Run the RogueKiller tool and remove all the Proxy entries.

Restart the computer normally.

If the problem persists please run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (MTB.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#9 jimbobob23


Posted 21 September 2016 - 10:31 AM

As far as I am aware I do not have 1-Click Dailymotion Video Download installed in Firefox. Here is a screenshot of my Firefox extensions: http://imgur.com/a/H8ziC

 

I followed your instructions and the problem still persists. In addition, my Windows startup times have now gotten incredibly long since following the advice in this thread; they have gone from under a minute to get back to my desktop to now over 7 minutes. What is causing this?

 

Here is the requested MiniToolBox log:

 

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Jimbodan (administrator) on 21-09-2016 at 08:21:18
Running from "E:\Users\jimbodan\Downloads"
Microsoft Windows 10 Pro  (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Intel® Ethernet Connection (2) I219-V = Ethernet (Connected)
EasyTether Network Adapter = Ethernet 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Ethernet" nexthop=192.168.0.1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Ethernet" address=192.168.0.101 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-G0LH54O
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Ethernet Connection (2) I219-V
   Physical Address. . . . . . . . . : 40-8D-5C-FF-9D-0A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::44fc:2792:1c57:4b98%10(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 172002652
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-20-3F-74-40-8D-5C-FF-9D-0A
   DNS Servers . . . . . . . . . . . : 8.8.4.4
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : EasyTether Network Adapter
   Physical Address. . . . . . . . . : 02-00-54-74-68-72
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A88DFB7C-EFD8-4C40-A441-37D49435F613}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1475:3e56:3f57:ff9a(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1475:3e56:3f57:ff9a%14(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-20-3F-74-40-8D-5C-FF-9D-0A
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  google-public-dns-b.google.com
Address:  8.8.4.4
 
Name:    google.com
Addresses:  2607:f8b0:4005:801::200e
 216.58.192.14
 
 
Pinging google.com [216.58.192.14] with 32 bytes of data:
Reply from 216.58.192.14: bytes=32 time=12ms TTL=53
Reply from 216.58.192.14: bytes=32 time=12ms TTL=53
 
Ping statistics for 216.58.192.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 12ms, Average = 12ms
Server:  google-public-dns-b.google.com
Address:  8.8.4.4
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=36ms TTL=51
Reply from 206.190.36.45: bytes=32 time=120ms TTL=51
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 36ms, Maximum = 120ms, Average = 78ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...40 8d 5c ff 9d 0a ......Intel® Ethernet Connection (2) I219-V
 13...02 00 54 74 68 72 ......EasyTether Network Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.101    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.101    266
    192.168.0.101  255.255.255.255         On-link     192.168.0.101    266
    192.168.0.255  255.255.255.255         On-link     192.168.0.101    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.101    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.101    266
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 14    306 2001::/32                On-link
 14    306 2001:0:9d38:6ab8:1475:3e56:3f57:ff9a/128
                                    On-link
 10    266 fe80::/64                On-link
 14    306 fe80::/64                On-link
 14    306 fe80::1475:3e56:3f57:ff9a/128
                                    On-link
 10    266 fe80::44fc:2792:1c57:4b98/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
 14    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/21/2016 08:20:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: ApCent.exe, version: 1.0.0.0, time stamp: 0x56b46717
Faulting module name: KERNELBASE.dll, version: 10.0.10586.589, time stamp: 0x57cf9bf1
Exception code: 0xc000041d
Fault offset: 0x000bdb18
Faulting process id: 0x143c
Faulting application start time: 0xApCent.exe0
Faulting application path: ApCent.exe1
Faulting module path: ApCent.exe2
Report Id: ApCent.exe3
Faulting package full name: ApCent.exe4
Faulting package-relative application ID: ApCent.exe5
 
Error: (09/21/2016 08:18:13 AM) (Source: Application Error) (User: )
Description: Faulting application name: ApCent.exe, version: 1.0.0.0, time stamp: 0x56b46717
Faulting module name: KERNELBASE.dll, version: 10.0.10586.589, time stamp: 0x57cf9bf1
Exception code: 0xe0434352
Fault offset: 0x000bdb18
Faulting process id: 0x143c
Faulting application start time: 0xApCent.exe0
Faulting application path: ApCent.exe1
Faulting module path: ApCent.exe2
Report Id: ApCent.exe3
Faulting package full name: ApCent.exe4
Faulting package-relative application ID: ApCent.exe5
 
Error: (09/21/2016 08:18:13 AM) (Source: .NET Runtime) (User: )
Description: Application: ApCent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at System.Management.ThreadDispatch.Start()
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at ApCent.MainWindow.GetLastBootTime()
   at ApCent.MainWindow.ChkIsFirstRun()
   at ApCent.MainWindow.Window_Loaded(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   at MS.Internal.LoadedOrUnloadedOperation.DoWork()
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   at System.Windows.Media.MediaContext.Resize(System.Windows.Media.ICompositionTarget)
   at System.Windows.Interop.HwndTarget.OnResize()
   at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
 
Error: (09/21/2016 08:17:42 AM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-10-21T15:09:42Z. Error Code: 0x80040154.
 
Error: (09/21/2016 08:17:11 AM) (Source: Application Error) (User: )
Description: Faulting application name: ubssrv_oc_only.exe, version: 1.0.0.0, time stamp: 0x530dce70
Faulting module name: KERNELBASE.dll, version: 10.0.10586.589, time stamp: 0x57cf9bf1
Exception code: 0xe0434352
Fault offset: 0x000bdb18
Faulting process id: 0x13c4
Faulting application start time: 0xubssrv_oc_only.exe0
Faulting application path: ubssrv_oc_only.exe1
Faulting module path: ubssrv_oc_only.exe2
Report Id: ubssrv_oc_only.exe3
Faulting package full name: ubssrv_oc_only.exe4
Faulting package-relative application ID: ubssrv_oc_only.exe5
 
Error: (09/21/2016 08:17:11 AM) (Source: .NET Runtime) (User: )
Description: Application: ubssrv_oc_only.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
 
Exception Info: System.InvalidOperationException
   at System.ServiceProcess.ServiceController.Start(System.String[])
   at System.ServiceProcess.ServiceController.Start()
   at HW_OBJ.Service_New_Tune.InitObjects()
   at HW_OBJ.Service_New_Tune..ctor()
   at HW_OBJ.HWmonitorObj..ctor(System.Windows.Forms.Control)
   at ubssrv.Program..cctor()
 
Exception Info: System.TypeInitializationException
   at ubssrv.Program.Main(System.String[])
 
Error: (09/21/2016 08:17:10 AM) (Source: Software Protection Platform Service) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-10-21T15:10:05Z. Error Code: 0x8007071A.
 
Error: (09/21/2016 08:09:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_iphlpsvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000005
Fault offset: 0x000000000002fe34
Faulting process id: 0x424
Faulting application start time: 0xsvchost.exe_iphlpsvc0
Faulting application path: svchost.exe_iphlpsvc1
Faulting module path: svchost.exe_iphlpsvc2
Report Id: svchost.exe_iphlpsvc3
Faulting package full name: svchost.exe_iphlpsvc4
Faulting package-relative application ID: svchost.exe_iphlpsvc5
 
Error: (09/21/2016 08:08:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: NvStreamNetworkService.exe, version: 7.1.2084.9592, time stamp: 0x57605ac0
Faulting module name: NvMdnsPlugin.dll_unloaded, version: 0.0.0.0, time stamp: 0x57605fbb
Exception code: 0xc0000005
Fault offset: 0x00000000000d45a0
Faulting process id: 0x1228
Faulting application start time: 0xNvStreamNetworkService.exe0
Faulting application path: NvStreamNetworkService.exe1
Faulting module path: NvStreamNetworkService.exe2
Report Id: NvStreamNetworkService.exe3
Faulting package full name: NvStreamNetworkService.exe4
Faulting package-relative application ID: NvStreamNetworkService.exe5
 
Error: (09/21/2016 08:08:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_iphlpsvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000005
Fault offset: 0x000000000002fe34
Faulting process id: 0x123c
Faulting application start time: 0xsvchost.exe_iphlpsvc0
Faulting application path: svchost.exe_iphlpsvc1
Faulting module path: svchost.exe_iphlpsvc2
Report Id: svchost.exe_iphlpsvc3
Faulting package full name: svchost.exe_iphlpsvc4
Faulting package-relative application ID: svchost.exe_iphlpsvc5
 
 
System errors:
=============
Error: (09/21/2016 08:19:11 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
 
Error: (09/21/2016 08:19:11 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (09/21/2016 08:19:11 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (09/21/2016 08:19:11 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Group Policy Client service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (09/21/2016 08:18:11 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (09/21/2016 08:18:11 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (09/21/2016 08:18:11 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.
 
 
Error: (09/21/2016 08:17:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/21/2016 08:17:11 AM) (Source: Service Control Manager) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/21/2016 08:17:11 AM) (Source: Service Control Manager) (User: )
Description: The User Manager service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (09/21/2016 08:20:56 AM) (Source: Application Error)(User: )
Description: ApCent.exe1.0.0.056b46717KERNELBASE.dll10.0.10586.58957cf9bf1c000041d000bdb18143c01d2141b3aeb06d4C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exeC:\Windows\SYSTEM32\KERNELBASE.dll76d3a1a0-b171-4472-8a06-d42bec43ebd0
 
Error: (09/21/2016 08:18:13 AM) (Source: Application Error)(User: )
Description: ApCent.exe1.0.0.056b46717KERNELBASE.dll10.0.10586.58957cf9bf1e0434352000bdb18143c01d2141b3aeb06d4C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exeC:\Windows\SYSTEM32\KERNELBASE.dll74521440-78f8-44c8-934c-7ad441c40ac8
 
Error: (09/21/2016 08:18:13 AM) (Source: .NET Runtime)(User: )
Description: Application: ApCent.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
   at System.Management.ThreadDispatch.Start()
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at ApCent.MainWindow.GetLastBootTime()
   at ApCent.MainWindow.ChkIsFirstRun()
   at ApCent.MainWindow.Window_Loaded(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.RoutedEventHandlerInfo.InvokeHandler(System.Object, System.Windows.RoutedEventArgs)
   at System.Windows.EventRoute.InvokeHandlersImpl(System.Object, System.Windows.RoutedEventArgs, Boolean)
   at System.Windows.UIElement.RaiseEventImpl(System.Windows.DependencyObject, System.Windows.RoutedEventArgs)
   at System.Windows.UIElement.RaiseEvent(System.Windows.RoutedEventArgs)
   at System.Windows.BroadcastEventHelper.BroadcastEvent(System.Windows.DependencyObject, System.Windows.RoutedEvent)
   at System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(System.Object)
   at MS.Internal.LoadedOrUnloadedOperation.DoWork()
   at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()
   at System.Windows.Media.MediaContext.RenderMessageHandlerCore(System.Object)
   at System.Windows.Media.MediaContext.RenderMessageHandler(System.Object)
   at System.Windows.Media.MediaContext.Resize(System.Windows.Media.ICompositionTarget)
   at System.Windows.Interop.HwndTarget.OnResize()
   at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
   at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
 
Error: (09/21/2016 08:17:42 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x800401542016-10-21T15:09:42Z
 
Error: (09/21/2016 08:17:11 AM) (Source: Application Error)(User: )
Description: ubssrv_oc_only.exe1.0.0.0530dce70KERNELBASE.dll10.0.10586.58957cf9bf1e0434352000bdb1813c401d2141a2351864eC:\Program Files (x86)\Gigabyte\CloudStation_Server\RemoteOC\ubssrv_oc_only.exeC:\Windows\SYSTEM32\KERNELBASE.dlleb8e774f-a9bd-4b09-91dd-627d5931bc78
 
Error: (09/21/2016 08:17:11 AM) (Source: .NET Runtime)(User: )
Description: Application: ubssrv_oc_only.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
 
Exception Info: System.InvalidOperationException
   at System.ServiceProcess.ServiceController.Start(System.String[])
   at System.ServiceProcess.ServiceController.Start()
   at HW_OBJ.Service_New_Tune.InitObjects()
   at HW_OBJ.Service_New_Tune..ctor()
   at HW_OBJ.HWmonitorObj..ctor(System.Windows.Forms.Control)
   at ubssrv.Program..cctor()
 
Exception Info: System.TypeInitializationException
   at ubssrv.Program.Main(System.String[])
 
Error: (09/21/2016 08:17:10 AM) (Source: Software Protection Platform Service)(User: )
Description: 0x8007071A2016-10-21T15:10:05Z
 
Error: (09/21/2016 08:09:21 AM) (Source: Application Error)(User: )
Description: svchost.exe_iphlpsvc10.0.10586.05632d7bantdll.dll10.0.10586.306571af2ebc0000005000000000002fe3442401d2141a20a7f5dcC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllbe75c403-db85-4c51-8346-54688916da04
 
Error: (09/21/2016 08:08:24 AM) (Source: Application Error)(User: )
Description: NvStreamNetworkService.exe7.1.2084.959257605ac0NvMdnsPlugin.dll_unloaded0.0.0.057605fbbc000000500000000000d45a0122801d21414741211cfC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeNvMdnsPlugin.dlla5e12179-022f-415b-8aa6-27187f43f3e1
 
Error: (09/21/2016 08:08:20 AM) (Source: Application Error)(User: )
Description: svchost.exe_iphlpsvc10.0.10586.05632d7bantdll.dll10.0.10586.306571af2ebc0000005000000000002fe34123c01d214158ae6a7cfC:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll8a503155-a6b2-4ce4-bfa1-4511fd683f5f
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-09-19 17:34:44.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-18 09:28:50.752
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-18 04:24:19.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-17 06:38:32.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-17 06:16:25.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-17 05:39:13.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-17 03:03:30.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-17 02:55:39.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-17 02:30:32.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-17 02:17:15.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
**** End of log ****


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:32 PM

Posted 21 September 2016 - 12:59 PM



It may just be that the ApCent.exe from Gigabyte is the culprit.
https://www.reasoncoresecurity.com/apcent.exe-8dc101ace287299d0cbee413ee1855605265054d.aspx

Is there a way for you to reinstall the Gigabyte programs?

If not I suggest you start a new topic in the Windows 10 forum
http://www.bleepingcomputer.com/forums/f/229/windows-10-support/

An expert should be able to help you.

The problem is not caused by malware and this is not my forte.

I will leave this topic open for 6 days. If you need to return please do.

#11 jimbobob23


Posted 21 September 2016 - 06:44 PM

Yeah, I can try to reinstall the Gigabyte stuff.

 

My problem with the proxy server still persists. Can we please continue trying to fix that?



#12 nasdaq


Posted 22 September 2016 - 10:19 AM

I found a success story here.

https://forums.malwarebytes.org/topic/167403-unable-to-deactivate-http1270018080proxypac/

I wish I could copy and paste the instructions. The log is closed and the option is not available.

Please go to post No. 2.

Follow the instructions from this line:

Follow the instructions in the following link to show hidden files:

to and including:

Post those logs to your next reply, also give an update on any remaining issues or concerns....

p.s.
I know that you have executed the MBAM and the Adwcleaner. Please run them again as suggested in the MBAM log.

#13 jimbobob23


Posted 22 September 2016 - 10:29 AM

Thank you, I will try that and report back. One question though before I start: there are 2 occurrences of "Follow the instructions in the following link to show hidden files:". Should I start from the first or second? If it's the first, then does that mean I should download and run the Fixlist.txt that is attached to that post? I'm definitely not an expert, but it seems like that Fixlist.txt has some stuff that is specific to the other user's computer.



#14 nasdaq


Posted 22 September 2016 - 01:07 PM


To see the hidden files, use this link.
://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

No, do not download and run the Fixlist from that topic.

If need be I will create a new one when you are finished with the execution of the tools suggested.

#15 jimbobob23


Posted 23 September 2016 - 02:37 AM

I have followed the instructions and the problem still persists. One thing I have noticed, and I don't know if it is important or not, every time I run AdwCleaner it finds the same 2 things under web browser (they should be in the log). I click clean every time but they seem to always come back.

 

Here are the requested logs:

 

Malwarebytes:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/22/2016
Scan Time: 11:23 PM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.23.02
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Jimbodan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302919
Time Elapsed: 5 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
AdwCleaner:
 
 
# AdwCleaner v6.020 - Logfile created 22/09/2016 at 23:32:54
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-22.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Jimbodan - DESKTOP-G0LH54O
# Running from : E:\Users\jimbodan\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3327155&octid=EB_ORIGINAL_CTID&ISID=M476163AF-5D0E-4CA1-97EF-B48E7FB706E3&SearchSource=55&CUI=&UM=8&UP=SPB06FF8A8-51CF-4E46-9FC1-38D59F42623D&D=062815&SSPV=
[-] [C:\Users\Jimbodan\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIloLWF0TQxgXI11aTA1JFgQOIQgKVRQXEwQXdlsBVAsSQ1MFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmRFdoLlZP
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1786 Bytes] - [17/09/2016 06:21:31]
C:\AdwCleaner\AdwCleaner[C2].txt - [1699 Bytes] - [22/09/2016 22:28:07]
C:\AdwCleaner\AdwCleaner[C3].txt - [1418 Bytes] - [22/09/2016 23:32:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [1738 Bytes] - [17/09/2016 06:20:43]
C:\AdwCleaner\AdwCleaner[S1].txt - [1700 Bytes] - [22/09/2016 22:26:33]
C:\AdwCleaner\AdwCleaner[S2].txt - [1824 Bytes] - [22/09/2016 23:31:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1710 Bytes] ##########
 
 
JRT:
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64 
Ran by Jimbodan (Administrator) on Thu 09/22/2016 at 23:56:22.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 1 
 
Successfully deleted: C:\Users\Jimbodan\AppData\Roaming\3909 (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1BF4372F2CC1415D61429F55336122A9 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/22/2016 at 23:57:05.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
MRT:
 
 
 
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.40, September 2016 (build 5.40.13000.0)
Started On Fri Sep 23 00:07:06 2016
 
Engine: 1.1.13000.0
Signatures: 1.227.1155.0
Run Mode: Interactive Graphical Mode
 
Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 23 00:11:08 2016
 
 
Return code: 0 (0x0)
 
 
 
 




