Can't remove Dashlane, appears I have an au_.exe problem



#1 tinag9876

Posted 02 January 2017 - 06:28 PM

When I try to uninstall Dashlane I get a message asking if I want au_.exe to make changes to my computer. I deny this request, of course. I have tried downloading and reinstalling Dashlane from the vendor site in hopes it would overwrite the infected installation, but that hasn't worked.

I am running Windows 10 Home x64 Build 14393 with Kaspersky Internet Security 17.0.0.611©

au_.exe appears in the folder C:\Users\chels\AppData\Local\Temp\~nsu.tmp. I have tried deleting this folder, but it is just recreated whenever I attempt to uninstall Dashlane.

I have run Adware Cleaner 6.0.4.1 several times this morning. The first time I ran in Scan mode and Adware Cleaner found some threats, so I ran in Clean Mode. This is the clean mode log file:

=======================================BOF=============================================

# AdwCleaner v6.041 - Logfile created 03/01/2017 at 10:48:44
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : chels - ACER-EM75M7KU
# Running from : D:\Chels\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  Amazon 1Button App Service
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\chels\AppData\Local\Host App Service
Folder Found:  C:\Users\jayem\AppData\Local\Host App Service
Folder Found:  C:\Users\jenni\AppData\Local\Host App Service
Folder Found:  C:\Program Files\DriverSetupUtility
Folder Found:  C:\ProgramData\DriverSetupUtility
Folder Found:  C:\ProgramData\Application Data\DriverSetupUtility
Folder Found:  C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Folder Found:  C:\Users\chels\AppData\Local\Host App Service
Folder Found:  C:\Users\Default\AppData\Local\Host App Service
Folder Found:  C:\Users\Public\Pokki
 
 
***** [ Files ] *****
 
File Found:  C:\Users\jayem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
File Found:  C:\Users\jayem\Desktop\App Explorer.lnk
File Found:  C:\Users\jenni\Desktop\App Explorer.lnk
File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
File Found:  C:\Users\Default\Desktop\App Explorer.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
Task Found:  App Explorer
Task Found:  Software Update Application
 
 
***** [ Registry ] *****
 
Key Found:  HKU\S-1-5-21-2047248549-3523246709-2014321820-1003\Software\Classes\AppXrh6feys59dqfzsv9p3s9p6aep0hwtb23
Key Found:  HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
Key Found:  HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Key Found:  HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
Key Found:  [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
Key Found:  [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Key Found:  [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Key Found:  [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
Key Found:  [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
Key Found:  HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\Software\Host App Service
Key Found:  HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  HKCU\Software\Host App Service
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  [x64] HKCU\Software\Host App Service
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Key Found:  HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [5547 Bytes] - [03/01/2017 10:48:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5620 Bytes] ##########
 
=======================================EOF=============================================
 
I downloaded and ran the Farbar Recovery Scan Tool (FRST64). Below are the contents of the FRST file and attached is the Addition.txt file.
 

=======================================BOF=============================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by chels (administrator) on ACER-EM75M7KU (03-01-2017 11:58:38)
Running from D:\Chels\Downloads
Loaded Profiles: chels (Available Profiles: chels & jayem & jenni)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dashlane, Inc.) C:\Users\chels\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\chels\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16704512 2016-11-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1471488 2016-11-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [629248 2015-11-13] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1154560 2016-08-04] (Carbonite, Inc.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\...\Run: [Dashlane] => C:\Users\chels\AppData\Roaming\Dashlane\Dashlane.exe [478592 2016-12-08] (Dashlane, Inc.)
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\...\Run: [DashlanePlugin] => C:\Users\chels\AppData\Roaming\Dashlane\DashlanePlugin.exe [536960 2016-12-08] ()
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [151040 2016-07-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-08-04] (Carbonite, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{35a55928-e236-4789-b29d-ebbb7d9f86ef}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{35a55928-e236-4789-b29d-ebbb7d9f86ef}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5fdbc33b-3dfe-437f-9d84-b8e877048559}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-2047248549-3523246709-2014321820-1001 -> DefaultScope {C3FDC5E5-5746-4D0A-B1A3-BF0C335ADBC6} URL = 
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-04] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\chels\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-12-08] (Dashlane, Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\chels\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-12-08] (Dashlane, Inc.)
Toolbar: HKU\S-1-5-21-2047248549-3523246709-2014321820-1001 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-07] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-04] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: s82d4lgu.default
FF ProfilePath: C:\Users\chels\AppData\Roaming\Mozilla\Firefox\Profiles\s82d4lgu.default [2016-12-23]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\s82d4lgu.default -> Web Start
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\s82d4lgu.default -> Web Start
FF Homepage: Mozilla\Firefox\Profiles\s82d4lgu.default -> hxxps://webstart-page.com/?s=acer&m=start&brw=ff
FF Extension: (Amazon Assistant for Firefox) - C:\Users\chels\AppData\Roaming\Mozilla\Firefox\Profiles\s82d4lgu.default\Extensions\abb-acer@amazon.com [2016-09-18]
FF Extension: (Dashlane) - C:\Users\chels\AppData\Roaming\Mozilla\Firefox\Profiles\s82d4lgu.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-12-08]
FF Extension: (English (US) Language Pack) - C:\Users\chels\AppData\Roaming\Mozilla\Firefox\Profiles\s82d4lgu.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2016-10-15]
FF Extension: (Mozilla Partner Defaults) - C:\Users\chels\AppData\Roaming\Mozilla\Firefox\Profiles\s82d4lgu.default\Extensions\partnerdefaults@mozilla.com [2016-09-18]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-07]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://webstart-page.com/?s=acer&m=home&brw=ch
CHR StartupUrls: Default -> "hxxps://webstart-page.com/?s=acer&m=start&brw=ch"
CHR Profile: C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Google Slides) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-18]
CHR Extension: (Google Docs) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-18]
CHR Extension: (Google Drive) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-18]
CHR Extension: (YouTube) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-18]
CHR Extension: (Google Sheets) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-18]
CHR Extension: (Kaspersky Protection) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-09-22]
CHR Extension: (Google Docs Offline) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-18]
CHR Extension: (Gmail) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows ® Win 7 DDK provider)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [9037824 2016-08-04] (Carbonite, Inc. (www.carbonite.com)) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [614376 2016-01-18] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [154816 2016-07-18] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-02] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-23] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365032 2016-01-18] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26608 2016-07-12] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-19] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-23] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-25] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-25] (Electronic Arts)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-03-10] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-03-10] (Acer Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [291232 2016-02-02] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-17] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [227952 2016-11-08] (Intel® Corporation)
R3 IntcDMic; C:\WINDOWS\system32\DRIVERS\IntcDMic.sys [607344 2016-08-19] (Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [659544 2016-11-08] (Intel® Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-09-20] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-03] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-07] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-07] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2016-12-12] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2016-12-16] ()
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2016-12-12] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2016-12-12] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2016-12-12] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-07] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21408 2016-03-10] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-03] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-03] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-17] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9934c34dc6ca0c4b\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-17] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14752 2016-03-10] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [57448 2015-10-22] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-17] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-17] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-17] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-03 11:45 - 2017-01-03 11:45 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-03 11:45 - 2017-01-03 11:45 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-03 11:45 - 2017-01-03 11:45 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-03 11:45 - 2017-01-03 11:45 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-03 11:45 - 2017-01-03 11:45 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-03 11:45 - 2017-01-03 11:45 - 00001916 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-03 11:45 - 2017-01-03 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-03 11:45 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-03 11:44 - 2017-01-03 11:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-03 11:44 - 2017-01-03 11:44 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-03 11:21 - 2017-01-03 11:58 - 00000000 ____D C:\FRST
2017-01-03 10:47 - 2017-01-03 11:57 - 00000000 ____D C:\AdwCleaner
2017-01-03 10:26 - 2017-01-03 11:08 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-01-03 10:13 - 2017-01-03 10:13 - 00000000 ____D C:\Users\chels\AppData\Local\IIIQF
2017-01-01 17:48 - 2017-01-01 17:48 - 00000000 ____D C:\Users\jenni\AppData\Local\Apple
2016-12-27 11:08 - 2016-12-27 11:08 - 00000000 ____D C:\Users\jenni\AppData\Local\NetworkTiles
2016-12-27 11:06 - 2016-12-27 11:06 - 00000000 ____D C:\Users\jenni\AppData\Local\Comms
2016-12-27 11:06 - 2016-12-27 11:06 - 00000000 ____D C:\Users\jenni\AppData\Local\AOP SDK
2016-12-27 11:05 - 2016-12-27 11:05 - 00000000 ____D C:\Users\jenni\AppData\Roaming\Skype
2016-12-27 11:04 - 2017-01-03 11:45 - 01835008 ____H C:\Users\jenni\NTUSER.DAT
2016-12-27 11:04 - 2017-01-03 10:52 - 00524288 ___SH C:\Users\jenni\NTUSER.DAT{91f66ef5-9982-11e6-835a-b16357d41b1b}.TMContainer00000000000000000002.regtrans-ms
2016-12-27 11:04 - 2017-01-03 10:52 - 00524288 ___SH C:\Users\jenni\NTUSER.DAT{91f66ef5-9982-11e6-835a-b16357d41b1b}.TMContainer00000000000000000001.regtrans-ms
2016-12-27 11:04 - 2017-01-03 10:52 - 00065536 ___SH C:\Users\jenni\NTUSER.DAT{91f66ef5-9982-11e6-835a-b16357d41b1b}.TM.blf
2016-12-27 11:04 - 2017-01-03 10:52 - 00000000 ____D C:\Users\jenni
2016-12-27 11:04 - 2017-01-03 10:51 - 00000000 ___RD C:\Users\jenni\Desktop
2016-12-27 11:04 - 2017-01-03 10:51 - 00000000 ____D C:\Users\jenni\AppData\Local
2016-12-27 11:04 - 2017-01-03 10:50 - 00000000 ___RD C:\Users\jenni\OneDrive
2016-12-27 11:04 - 2017-01-03 10:50 - 00000000 ____D C:\Users\jenni\AppData\Roaming\Apple Computer
2016-12-27 11:04 - 2017-01-03 09:00 - 00000000 ____D C:\Users\jenni\AppData\Local\Temp
2016-12-27 11:04 - 2017-01-02 11:10 - 00000000 ___RD C:\Users\jenni\Videos
2016-12-27 11:04 - 2016-12-29 14:58 - 00000000 ___RD C:\Users\jenni\Favorites
2016-12-27 11:04 - 2016-12-29 14:56 - 00000000 ___SD C:\Users\jenni\AppData\Roaming\Microsoft
2016-12-27 11:04 - 2016-12-28 10:58 - 00000000 ____D C:\Users\jenni\AppData\Local\Mozilla
2016-12-27 11:04 - 2016-12-27 15:50 - 00000000 ____D C:\Users\jenni\AppData\Local\Microsoft
2016-12-27 11:04 - 2016-12-27 12:11 - 00000000 ____D C:\Users\jenni\AppData\Local\Packages
2016-12-27 11:04 - 2016-12-27 11:19 - 00000000 ___RD C:\Users\jenni\Documents
2016-12-27 11:04 - 2016-12-27 11:05 - 00002371 _____ C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-27 11:04 - 2016-12-27 11:05 - 00000000 ___RD C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-27 11:04 - 2016-12-27 11:05 - 00000000 ____D C:\Users\jenni\AppData\Roaming
2016-12-27 11:04 - 2016-12-27 11:04 - 00409600 ___SH C:\Users\jenni\ntuser.dat.LOG2
2016-12-27 11:04 - 2016-12-27 11:04 - 00016384 ___SH C:\Users\jenni\ntuser.dat.LOG1
2016-12-27 11:04 - 2016-12-27 11:04 - 00001337 _____ C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2016-12-27 11:04 - 2016-12-27 11:04 - 00000282 ___SH C:\Users\jenni\Downloads\desktop.ini
2016-12-27 11:04 - 2016-12-27 11:04 - 00000282 ___SH C:\Users\jenni\Desktop\desktop.ini
2016-12-27 11:04 - 2016-12-27 11:04 - 00000174 ___SH C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-27 11:04 - 2016-12-27 11:04 - 00000174 ___SH C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-27 11:04 - 2016-12-27 11:04 - 00000020 ___SH C:\Users\jenni\ntuser.ini
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\Templates
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\Start Menu
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\SendTo
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\Recent
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\PrintHood
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\NetHood
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\My Documents
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\Local Settings
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\Cookies
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\Application Data
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\AppData\Local\Temporary Internet Files
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\AppData\Local\History
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 _SHDL C:\Users\jenni\AppData\Local\Application Data
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 __SHD C:\Users\jenni\IntelGraphicsProfiles
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___SD C:\Users\jenni\AppData\LocalLow\Microsoft
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\Searches
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\Saved Games
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\Pictures
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\Music
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\Links
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\Downloads
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\Contacts
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___RD C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ___HD C:\Users\jenni\AppData
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Roaming\Mozilla
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Roaming\Macromedia
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Roaming\Adobe
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\LocalLow\Mozilla
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\LocalLow
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Local\VirtualStore
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Local\TileDataLayer
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Local\Publishers
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Local\NVIDIA Corporation
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Local\NVIDIA
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Local\Google
2016-12-27 11:04 - 2016-12-27 11:04 - 00000000 ____D C:\Users\jenni\AppData\Local\ConnectedDevicesPlatform
2016-12-27 11:04 - 2016-10-24 12:46 - 00000000 ___RD C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-27 11:04 - 2016-07-17 00:47 - 00000000 ___RD C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-27 11:04 - 2016-07-17 00:47 - 00000000 ___RD C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-27 11:04 - 2016-07-17 00:47 - 00000000 ____D C:\Users\jenni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-25 21:08 - 2016-12-28 10:56 - 00000000 ____D C:\ProgramData\EA Logs
2016-12-25 21:08 - 2016-12-25 21:08 - 00000000 ____D C:\ProgramData\PopCap Games
2016-12-25 21:08 - 2016-12-25 21:08 - 00000000 ____D C:\ProgramData\EA Core
2016-12-25 21:07 - 2016-12-25 21:07 - 00001280 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2016-12-23 00:06 - 2017-01-03 10:28 - 00001960 _____ C:\Users\chels\Desktop\Dashlane.lnk
2016-12-23 00:06 - 2016-12-23 00:06 - 00000000 ____D C:\Users\chels\AppData\LocalLow\Dashlane
2016-12-23 00:04 - 2017-01-03 10:30 - 00000000 ____D C:\Users\chels\AppData\Roaming\Dashlane
2016-12-22 20:45 - 2017-01-03 10:52 - 00000000 ___RD C:\Users\chels\Google Drive
2016-12-22 20:45 - 2016-12-22 20:45 - 00001764 _____ C:\Users\chels\Desktop\Google Drive.lnk
2016-12-22 20:43 - 2016-12-22 20:43 - 00002119 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-12-22 20:43 - 2016-12-22 20:43 - 00002117 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-12-22 20:43 - 2016-12-22 20:43 - 00002107 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-12-22 20:43 - 2016-12-22 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-21 21:44 - 2016-12-21 21:44 - 00000000 ____D C:\Users\jayem\AppData\LocalLow\Google
2016-12-18 11:43 - 2016-12-18 11:43 - 00000000 ____D C:\Users\chels\AppData\Local\Chromium
2016-12-17 19:23 - 2016-12-17 19:23 - 00001451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-12-17 19:23 - 2016-12-17 19:23 - 00001382 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-12-17 19:23 - 2016-12-17 19:23 - 00000000 ____D C:\WINDOWS\en
2016-12-17 19:22 - 2016-12-17 19:22 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-12-17 19:20 - 2016-12-17 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-12-17 19:20 - 2016-12-17 19:20 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-12-17 19:19 - 2016-12-22 23:20 - 00000000 ____D C:\Users\chels\AppData\Local\Windows Live
2016-12-17 09:25 - 2016-12-17 09:25 - 00003286 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-17 03:37 - 2016-12-09 01:36 - 00000040 _____ C:\WINDOWS\spotify.preload
2016-12-16 01:45 - 2016-12-16 01:45 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2016-12-15 00:12 - 2016-12-09 23:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-15 00:12 - 2016-12-09 23:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-15 00:12 - 2016-12-09 23:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-15 00:12 - 2016-12-09 23:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-15 00:12 - 2016-12-09 23:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-15 00:12 - 2016-12-09 22:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-15 00:12 - 2016-12-09 22:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-15 00:12 - 2016-12-09 22:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-15 00:12 - 2016-12-09 22:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-15 00:12 - 2016-12-09 22:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-15 00:12 - 2016-12-09 22:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-15 00:12 - 2016-12-09 22:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-15 00:12 - 2016-12-09 22:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-15 00:12 - 2016-12-09 22:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-15 00:12 - 2016-12-09 22:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-15 00:12 - 2016-12-09 22:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-15 00:12 - 2016-12-09 22:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-15 00:12 - 2016-12-09 22:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-15 00:12 - 2016-12-09 22:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-15 00:12 - 2016-12-09 22:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-15 00:12 - 2016-12-09 22:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-15 00:12 - 2016-12-09 22:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-15 00:12 - 2016-12-09 22:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-15 00:12 - 2016-12-09 22:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-15 00:12 - 2016-12-09 22:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-15 00:12 - 2016-12-09 22:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-15 00:12 - 2016-12-09 22:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-15 00:12 - 2016-12-09 22:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-15 00:12 - 2016-12-09 22:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-15 00:12 - 2016-12-09 22:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-15 00:12 - 2016-12-09 22:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-15 00:12 - 2016-12-09 22:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-15 00:12 - 2016-12-09 22:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-15 00:12 - 2016-12-09 22:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-15 00:12 - 2016-12-09 22:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-15 00:12 - 2016-12-09 22:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-15 00:12 - 2016-12-09 22:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-15 00:12 - 2016-12-09 22:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-15 00:12 - 2016-12-09 22:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-15 00:12 - 2016-12-09 22:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-15 00:12 - 2016-12-09 21:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-15 00:12 - 2016-11-02 23:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-15 00:11 - 2016-12-09 23:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-15 00:11 - 2016-12-09 23:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-15 00:11 - 2016-12-09 23:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-15 00:11 - 2016-12-09 23:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-15 00:11 - 2016-12-09 23:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-15 00:11 - 2016-12-09 22:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-15 00:11 - 2016-12-09 22:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-15 00:11 - 2016-12-09 22:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-15 00:11 - 2016-12-09 22:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-15 00:11 - 2016-12-09 22:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-15 00:11 - 2016-12-09 22:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-15 00:11 - 2016-12-09 22:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-15 00:11 - 2016-12-09 22:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-15 00:11 - 2016-12-09 22:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-15 00:11 - 2016-12-09 22:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-15 00:11 - 2016-12-09 22:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-15 00:11 - 2016-12-09 22:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-15 00:11 - 2016-12-09 22:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-15 00:11 - 2016-09-16 05:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-15 00:10 - 2016-12-09 23:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-15 00:10 - 2016-12-09 23:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-15 00:10 - 2016-12-09 23:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-15 00:10 - 2016-12-09 23:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-15 00:10 - 2016-12-09 23:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-15 00:10 - 2016-12-09 23:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-15 00:10 - 2016-12-09 23:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-15 00:10 - 2016-12-09 23:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-15 00:10 - 2016-12-09 23:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-15 00:10 - 2016-12-09 23:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-15 00:10 - 2016-12-09 23:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-15 00:10 - 2016-12-09 23:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-15 00:10 - 2016-12-09 23:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-15 00:10 - 2016-12-09 23:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-15 00:10 - 2016-12-09 23:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-15 00:10 - 2016-12-09 23:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-15 00:10 - 2016-12-09 23:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-15 00:10 - 2016-12-09 23:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-15 00:10 - 2016-12-09 23:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-15 00:10 - 2016-12-09 23:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-15 00:10 - 2016-12-09 23:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-15 00:10 - 2016-12-09 23:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-15 00:10 - 2016-12-09 23:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-15 00:10 - 2016-12-09 23:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-15 00:10 - 2016-12-09 23:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-15 00:10 - 2016-12-09 23:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-15 00:10 - 2016-12-09 23:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-15 00:10 - 2016-12-09 22:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-15 00:10 - 2016-12-09 22:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-15 00:10 - 2016-12-09 22:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-15 00:10 - 2016-12-09 22:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-15 00:10 - 2016-12-09 22:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-15 00:10 - 2016-12-09 22:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-15 00:10 - 2016-12-09 22:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-15 00:10 - 2016-12-09 22:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-15 00:10 - 2016-12-09 22:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-15 00:10 - 2016-12-09 22:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-15 00:10 - 2016-12-09 22:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-15 00:10 - 2016-12-09 22:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-15 00:10 - 2016-12-09 22:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-15 00:10 - 2016-12-09 22:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-15 00:10 - 2016-12-09 22:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-15 00:10 - 2016-12-09 22:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-15 00:10 - 2016-12-09 22:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-15 00:10 - 2016-12-09 22:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-15 00:10 - 2016-12-09 22:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-15 00:10 - 2016-12-09 22:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-15 00:10 - 2016-12-09 22:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-15 00:10 - 2016-12-09 22:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-15 00:10 - 2016-12-09 22:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-15 00:10 - 2016-12-09 22:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-15 00:10 - 2016-12-09 22:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-15 00:10 - 2016-12-09 22:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-15 00:10 - 2016-12-09 22:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-15 00:10 - 2016-11-02 23:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 19:48 - 2016-12-13 19:48 - 00000000 ____D C:\Users\jayem\AppData\Local\Chromium
2016-12-12 22:45 - 2016-12-12 22:53 - 00000000 ____D C:\Users\chels\AppData\LocalLow\Mozilla
2016-12-12 22:01 - 2016-12-12 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirParrot 2
2016-12-12 18:39 - 2016-12-12 18:39 - 00245512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2016-12-12 18:37 - 2016-12-12 18:37 - 00218920 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2016-12-12 18:37 - 2016-12-12 18:37 - 00164888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2016-12-12 18:37 - 2016-12-12 18:37 - 00104720 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2016-12-12 18:35 - 2016-12-12 18:35 - 00000000 ____D C:\Users\jayem\AppData\Roaming\calibre
2016-12-12 18:35 - 2016-12-12 18:35 - 00000000 ____D C:\Users\jayem\AppData\Local\calibre-cache
2016-12-10 13:00 - 2016-11-11 23:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 13:00 - 2016-11-11 23:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 13:00 - 2016-11-11 23:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 13:00 - 2016-11-11 23:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 13:00 - 2016-11-11 23:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 13:00 - 2016-11-11 23:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 13:00 - 2016-11-11 23:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 13:00 - 2016-11-11 23:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 13:00 - 2016-11-11 23:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 13:00 - 2016-11-11 23:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 13:00 - 2016-11-11 23:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 13:00 - 2016-11-11 23:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 13:00 - 2016-11-11 23:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 13:00 - 2016-11-11 23:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 13:00 - 2016-11-11 23:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 13:00 - 2016-11-11 23:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 13:00 - 2016-11-11 23:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 13:00 - 2016-11-11 23:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 13:00 - 2016-11-11 23:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 13:00 - 2016-11-11 23:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 13:00 - 2016-11-11 23:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 13:00 - 2016-11-11 23:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 13:00 - 2016-11-11 22:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 13:00 - 2016-11-11 22:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 13:00 - 2016-11-11 22:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 13:00 - 2016-11-11 22:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 13:00 - 2016-11-11 22:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 13:00 - 2016-11-11 22:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 13:00 - 2016-11-11 22:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 13:00 - 2016-11-11 22:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 13:00 - 2016-11-11 22:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 13:00 - 2016-11-11 22:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 13:00 - 2016-11-11 22:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 13:00 - 2016-11-11 22:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 13:00 - 2016-11-11 22:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 13:00 - 2016-11-11 22:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 13:00 - 2016-11-11 22:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 13:00 - 2016-11-11 22:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 13:00 - 2016-11-11 22:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 13:00 - 2016-11-11 22:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 13:00 - 2016-11-11 22:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 13:00 - 2016-11-11 22:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 13:00 - 2016-11-11 22:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 13:00 - 2016-11-11 22:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 13:00 - 2016-11-11 22:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 13:00 - 2016-11-11 22:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 13:00 - 2016-11-11 22:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 13:00 - 2016-11-11 22:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 13:00 - 2016-11-11 22:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 13:00 - 2016-11-11 22:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 13:00 - 2016-11-11 22:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 13:00 - 2016-11-11 22:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 13:00 - 2016-11-11 22:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 13:00 - 2016-11-11 22:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 13:00 - 2016-11-11 22:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 13:00 - 2016-11-11 22:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 13:00 - 2016-11-11 22:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 13:00 - 2016-11-11 22:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 13:00 - 2016-11-11 22:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 13:00 - 2016-11-11 22:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 13:00 - 2016-11-11 22:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 13:00 - 2016-11-11 22:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 13:00 - 2016-11-11 22:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 13:00 - 2016-11-11 22:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 13:00 - 2016-11-11 22:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 13:00 - 2016-11-11 22:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 13:00 - 2016-11-11 22:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 13:00 - 2016-11-11 22:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 13:00 - 2016-11-11 22:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 13:00 - 2016-11-11 22:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 13:00 - 2016-11-11 22:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 13:00 - 2016-11-11 22:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 13:00 - 2016-11-11 22:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 13:00 - 2016-11-11 22:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 13:00 - 2016-11-11 22:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 13:00 - 2016-11-11 22:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 13:00 - 2016-11-11 22:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 13:00 - 2016-11-11 22:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 13:00 - 2016-11-11 22:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 13:00 - 2016-11-11 22:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-10 13:00 - 2016-11-11 22:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 13:00 - 2016-11-11 22:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 13:00 - 2016-11-11 22:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 13:00 - 2016-11-11 22:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 13:00 - 2016-11-11 22:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 13:00 - 2016-11-11 22:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 13:00 - 2016-11-11 22:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 13:00 - 2016-11-11 22:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 13:00 - 2016-11-11 22:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 13:00 - 2016-11-11 22:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 13:00 - 2016-11-11 22:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 13:00 - 2016-11-11 22:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 13:00 - 2016-11-11 22:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 13:00 - 2016-11-11 22:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 13:00 - 2016-11-11 22:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 13:00 - 2016-11-11 22:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 13:00 - 2016-11-11 22:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 13:00 - 2016-11-11 22:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 13:00 - 2016-11-11 22:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 13:00 - 2016-11-11 22:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 13:00 - 2016-11-11 22:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 13:00 - 2016-11-11 22:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 13:00 - 2016-11-11 22:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 13:00 - 2016-11-11 22:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 13:00 - 2016-11-11 22:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 13:00 - 2016-11-11 22:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 13:00 - 2016-11-11 22:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 13:00 - 2016-11-11 22:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 13:00 - 2016-11-11 22:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 13:00 - 2016-11-11 22:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 13:00 - 2016-11-11 22:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 13:00 - 2016-11-11 22:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 13:00 - 2016-11-11 22:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 13:00 - 2016-11-11 22:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 13:00 - 2016-11-11 22:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 13:00 - 2016-11-11 22:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 13:00 - 2016-11-11 22:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 13:00 - 2016-11-11 22:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 13:00 - 2016-11-11 22:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 13:00 - 2016-11-11 22:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 13:00 - 2016-11-11 22:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 13:00 - 2016-11-11 22:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 13:00 - 2016-11-11 22:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 13:00 - 2016-11-11 22:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 13:00 - 2016-11-11 22:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 13:00 - 2016-11-11 22:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 13:00 - 2016-11-11 22:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 13:00 - 2016-11-11 22:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 13:00 - 2016-11-11 22:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 13:00 - 2016-11-11 22:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 13:00 - 2016-11-11 22:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 13:00 - 2016-11-11 22:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 13:00 - 2016-11-11 21:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 13:00 - 2016-11-11 21:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 13:00 - 2016-11-11 21:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 13:00 - 2016-11-11 21:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 13:00 - 2016-11-11 21:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 13:00 - 2016-11-11 20:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 13:00 - 2016-11-11 20:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 13:00 - 2016-11-11 20:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 13:00 - 2016-11-11 20:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 13:00 - 2016-11-11 20:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 13:00 - 2016-11-11 20:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 13:00 - 2016-11-11 20:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 13:00 - 2016-11-11 20:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 13:00 - 2016-11-11 20:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 13:00 - 2016-11-11 20:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 13:00 - 2016-11-11 20:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 13:00 - 2016-11-11 20:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 13:00 - 2016-11-11 20:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 13:00 - 2016-11-11 20:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 13:00 - 2016-11-11 20:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 13:00 - 2016-11-11 20:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 13:00 - 2016-11-11 20:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 13:00 - 2016-11-11 20:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 13:00 - 2016-11-11 20:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 13:00 - 2016-11-11 20:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 13:00 - 2016-11-11 20:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 13:00 - 2016-11-11 20:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 13:00 - 2016-11-11 20:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 13:00 - 2016-11-11 20:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 13:00 - 2016-11-11 20:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 13:00 - 2016-11-11 20:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 13:00 - 2016-11-11 20:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 13:00 - 2016-11-11 20:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 13:00 - 2016-11-11 20:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 13:00 - 2016-11-11 20:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 13:00 - 2016-11-11 20:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 13:00 - 2016-11-11 20:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 13:00 - 2016-11-11 20:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 13:00 - 2016-11-11 20:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 13:00 - 2016-11-11 20:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 13:00 - 2016-11-11 20:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 13:00 - 2016-11-11 20:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 13:00 - 2016-11-11 20:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 13:00 - 2016-11-11 20:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 13:00 - 2016-11-11 20:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 13:00 - 2016-11-11 20:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 13:00 - 2016-11-11 20:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 13:00 - 2016-11-11 20:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 13:00 - 2016-11-11 20:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 13:00 - 2016-11-11 20:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 13:00 - 2016-11-11 20:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 13:00 - 2016-11-11 20:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 13:00 - 2016-11-11 20:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 13:00 - 2016-11-11 20:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 13:00 - 2016-11-11 20:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 13:00 - 2016-11-11 20:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 13:00 - 2016-11-11 20:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 13:00 - 2016-11-11 20:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 13:00 - 2016-11-11 20:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 13:00 - 2016-11-11 20:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 13:00 - 2016-11-11 20:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 13:00 - 2016-11-11 20:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 13:00 - 2016-11-11 20:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 13:00 - 2016-11-11 20:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 13:00 - 2016-11-11 20:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 13:00 - 2016-11-11 20:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 13:00 - 2016-11-11 20:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 13:00 - 2016-11-11 20:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 13:00 - 2016-11-11 20:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 13:00 - 2016-11-11 20:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 13:00 - 2016-11-11 20:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 13:00 - 2016-11-11 20:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 13:00 - 2016-11-11 20:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 13:00 - 2016-11-11 20:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 13:00 - 2016-11-11 20:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 13:00 - 2016-11-11 20:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 13:00 - 2016-11-11 20:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 13:00 - 2016-11-11 20:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 13:00 - 2016-11-11 20:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 13:00 - 2016-11-11 20:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 13:00 - 2016-11-11 20:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 13:00 - 2016-11-11 20:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 13:00 - 2016-11-11 20:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 13:00 - 2016-11-11 20:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 13:00 - 2016-11-11 20:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 13:00 - 2016-11-11 20:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 13:00 - 2016-11-11 20:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-10 13:00 - 2016-11-11 20:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 13:00 - 2016-11-11 20:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 13:00 - 2016-11-11 20:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-06 18:45 - 2016-12-06 18:45 - 00000000 ____D C:\Users\jayem\AppData\LocalLow\U-Play online
2016-12-04 14:22 - 2016-12-29 21:18 - 00000000 ____D C:\Users\jayem\AppData\Local\Game Dev Tycoon - Steam
2016-12-04 14:22 - 2016-12-04 14:22 - 00000222 _____ C:\Users\jayem\Desktop\Youtubers Life.url
2016-12-04 13:57 - 2016-12-04 13:57 - 00000222 _____ C:\Users\jayem\Desktop\Game Dev Tycoon.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-03 11:27 - 2016-10-24 12:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-03 11:08 - 2016-09-18 23:27 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-03 10:59 - 2016-04-02 09:13 - 01642808 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-03 10:53 - 2016-09-19 13:01 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-03 10:52 - 2016-10-24 12:50 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-03 10:52 - 2016-10-24 12:43 - 00000000 ____D C:\Users\chels
2017-01-03 10:52 - 2016-10-24 12:42 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-03 10:52 - 2016-09-18 22:58 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-03 10:52 - 2016-09-18 22:37 - 00000000 ___RD C:\Users\chels\OneDrive
2017-01-03 10:52 - 2016-09-18 22:35 - 00000000 __SHD C:\Users\chels\IntelGraphicsProfiles
2017-01-03 10:52 - 2016-07-16 19:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-03 10:51 - 2016-08-24 03:45 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-01-03 10:28 - 2016-09-18 22:35 - 00000000 ____D C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-01-03 10:16 - 2016-10-24 12:43 - 00000000 ____D C:\Users\jayem
2017-01-03 10:13 - 2016-09-18 22:33 - 00000000 ____D C:\Program Files (x86)\Dashlane
2017-01-03 10:09 - 2016-10-30 12:00 - 00000000 ____D C:\Users\jayem\AppData\Roaming\Origin
2017-01-03 10:08 - 2016-09-21 17:15 - 00000000 ____D C:\Users\jayem\AppData\Local\Spotify
2017-01-03 04:44 - 2016-09-21 17:14 - 00000000 ____D C:\Users\jayem\AppData\Roaming\Spotify
2017-01-03 00:24 - 2016-07-17 00:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-03 00:24 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-01 20:01 - 2016-11-20 19:31 - 00000000 ____D C:\Users\jayem\AppData\LocalLow\Mozilla
2016-12-29 16:48 - 2016-11-06 20:56 - 00001065 _____ C:\Users\jayem\Desktop\nativelog.txt
2016-12-29 16:09 - 2016-11-06 19:03 - 00000000 ____D C:\Users\jayem\AppData\Roaming\.minecraft
2016-12-29 14:57 - 2016-02-14 02:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-28 13:48 - 2016-10-24 12:43 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-28 13:48 - 2016-10-24 12:43 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-28 13:48 - 2016-10-24 12:43 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-28 13:48 - 2016-07-16 19:04 - 52690944 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-28 13:48 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-27 11:06 - 2016-10-31 22:55 - 00000000 ___HD C:\OneDriveTemp
2016-12-27 11:04 - 2016-07-16 19:04 - 00000000 ___RD C:\Users
2016-12-27 11:04 - 2015-10-30 20:24 - 00000000 __SHD C:\$Recycle.Bin
2016-12-26 22:32 - 2016-09-19 12:58 - 00000000 ____D C:\Users\jayem\AppData\Local\Google
2016-12-25 21:08 - 2016-10-30 13:39 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-12-25 21:06 - 2016-07-17 00:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-25 21:06 - 2016-04-02 09:08 - 00046651 _____ C:\WINDOWS\DirectX.log
2016-12-25 21:03 - 2016-10-30 12:02 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-12-25 21:02 - 2016-10-30 11:57 - 00000000 ____D C:\Users\jayem\AppData\Local\Origin
2016-12-25 20:53 - 2016-10-30 11:57 - 00000000 ____D C:\ProgramData\Origin
2016-12-25 20:52 - 2016-10-30 12:00 - 00000000 ____D C:\Program Files (x86)\Origin
2016-12-24 18:38 - 2016-09-20 14:43 - 00000000 ____D C:\Users\jayem\AppData\Local\TurmoilSteam
2016-12-24 17:26 - 2016-10-24 18:37 - 00000000 ___RD C:\Users\jayem\Documents
2016-12-24 15:18 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-24 12:31 - 2016-10-13 23:36 - 00000000 __SHD C:\Config.Msi
2016-12-24 12:31 - 2016-07-17 00:47 - 00000000 _SHDC C:\WINDOWS\Installer
2016-12-24 12:31 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-23 00:06 - 2016-09-18 22:32 - 00000000 ____D C:\Users\chels\AppData\LocalLow
2016-12-23 00:04 - 2016-10-24 12:43 - 00000000 ____D C:\Users\chels\AppData\Roaming
2016-12-22 23:20 - 2016-10-24 12:43 - 00000000 ____D C:\Users\chels\AppData\Local\Microsoft
2016-12-22 21:44 - 2016-10-24 12:43 - 00000000 ___SD C:\Users\chels\AppData\Roaming\Microsoft
2016-12-22 20:45 - 2016-09-18 22:32 - 00000000 ___RD C:\Users\chels\Links
2016-12-22 20:45 - 2016-07-16 19:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-22 20:43 - 2016-09-18 22:40 - 00000000 ____D C:\Users\chels\AppData\Local\Google
2016-12-22 20:43 - 2016-09-18 22:40 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-22 15:54 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\WDI
2016-12-22 15:52 - 2016-09-19 12:58 - 00000000 __SHD C:\Users\jayem\IntelGraphicsProfiles
2016-12-21 21:44 - 2016-09-19 12:58 - 00000000 ____D C:\Users\jayem\AppData\LocalLow
2016-12-19 14:35 - 2016-09-19 12:58 - 00000000 ____D C:\Users\jayem\AppData\Local\Packages
2016-12-19 09:10 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-18 11:44 - 2016-10-24 12:43 - 00000000 ___RD C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-18 11:44 - 2016-09-18 22:37 - 00002371 _____ C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-18 11:43 - 2016-10-24 15:35 - 00000174 ___SH C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-18 11:43 - 2016-09-20 09:21 - 00000000 ____D C:\Users\chels\AppData\Local\Steam
2016-12-18 11:43 - 2016-09-18 22:35 - 00000282 ___SH C:\Users\chels\Desktop\desktop.ini
2016-12-18 11:43 - 2016-09-18 22:35 - 00000174 ___SH C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-18 11:43 - 2016-09-18 22:35 - 00000000 ___RD C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-18 11:43 - 2016-09-18 22:35 - 00000000 ___RD C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-18 11:43 - 2016-09-18 22:35 - 00000000 ____D C:\Users\chels\AppData\Local\Packages
2016-12-18 06:59 - 2016-07-17 00:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-18 06:58 - 2016-08-24 02:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-18 06:58 - 2016-07-16 19:04 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-17 20:19 - 2016-10-24 18:37 - 00000000 ___RD C:\Users\jayem\Pictures
2016-12-17 19:32 - 2016-10-24 12:43 - 00000000 ____D C:\Users\jayem\AppData\Local\Microsoft
2016-12-17 19:28 - 2016-10-24 12:42 - 00021963 _____ C:\WINDOWS\setupact.log
2016-12-17 19:23 - 2016-07-17 00:47 - 00001068 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-17 19:21 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\Microsoft
2016-12-17 19:20 - 2016-09-18 22:33 - 00000000 ___SD C:\Users\chels\AppData\LocalLow\Microsoft
2016-12-17 19:20 - 2016-07-17 00:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-17 19:18 - 2016-07-17 00:47 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-17 12:45 - 2016-10-24 12:50 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 12:45 - 2016-10-24 12:50 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 12:45 - 2015-10-30 20:24 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-17 09:25 - 2016-09-19 12:59 - 00002371 _____ C:\Users\jayem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-17 09:25 - 2016-09-19 12:59 - 00000000 ___RD C:\Users\jayem\OneDrive
2016-12-16 10:52 - 2016-04-02 09:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-16 10:14 - 2016-11-20 15:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-16 10:14 - 2016-09-20 08:56 - 00001148 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-16 10:14 - 2016-04-02 09:10 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-15 18:03 - 2016-11-01 11:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-15 18:03 - 2016-10-24 12:41 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 18:02 - 2016-10-24 12:41 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 18:02 - 2016-10-24 12:41 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-15 18:02 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-15 18:02 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-15 18:02 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-15 18:02 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 18:02 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-15 18:02 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-15 18:02 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-15 11:09 - 2016-07-17 00:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-15 11:06 - 2016-09-19 09:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-15 11:05 - 2016-09-19 09:15 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-14 13:18 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-14 13:18 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 19:48 - 2016-09-19 13:03 - 00000000 ____D C:\Users\jayem\AppData\Local\Steam
2016-12-13 19:47 - 2016-10-24 18:37 - 00000174 ___SH C:\Users\jayem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-13 19:47 - 2016-09-19 12:58 - 00000282 ___SH C:\Users\jayem\Desktop\desktop.ini
2016-12-13 19:47 - 2016-09-19 12:58 - 00000174 ___SH C:\Users\jayem\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-13 19:47 - 2016-09-19 12:58 - 00000000 ___RD C:\Users\jayem\Searches
2016-12-13 19:47 - 2016-09-19 12:58 - 00000000 ___RD C:\Users\jayem\Links
2016-12-13 19:47 - 2016-09-19 12:58 - 00000000 ___RD C:\Users\jayem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-13 19:47 - 2016-09-19 12:58 - 00000000 ___RD C:\Users\jayem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-13 19:47 - 2016-07-17 00:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-13 18:07 - 2016-07-16 19:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-13 18:06 - 2016-07-17 00:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-13 18:06 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-13 18:06 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-13 18:06 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-13 18:06 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-12 22:52 - 2016-09-20 10:15 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-12-12 22:01 - 2016-10-10 22:20 - 00000000 ____D C:\Users\chels\AppData\Local\AirParrot 2
2016-12-12 22:01 - 2016-10-10 22:19 - 00001959 _____ C:\Users\Public\Desktop\AirParrot 2.lnk
2016-12-12 22:01 - 2016-10-10 22:19 - 00000000 ____D C:\Program Files\AirParrot 2
2016-12-12 22:01 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\Logs
2016-12-12 18:35 - 2016-10-24 12:43 - 00000000 ____D C:\Users\jayem\AppData\Roaming
2016-12-12 12:56 - 2016-07-17 00:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 12:56 - 2016-07-17 00:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-10 12:52 - 2016-07-17 00:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-10 07:46 - 2016-09-18 22:40 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-10 07:46 - 2016-09-18 22:40 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-09 12:52 - 2016-07-16 19:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-09 12:49 - 2016-07-17 00:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-07 21:03 - 2016-07-17 00:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-07 21:03 - 2015-10-30 20:24 - 00000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-07 11:21 - 2016-10-30 13:27 - 00001351 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2016-12-07 01:52 - 2016-09-20 10:24 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-12-07 01:52 - 2016-07-16 19:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-07 01:52 - 2016-06-21 00:41 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-12-07 01:52 - 2016-06-02 23:39 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
 
==================== Files in the root of some directories =======
 
2016-09-20 09:24 - 2016-08-17 01:53 - 0023824 _____ () C:\Users\chels\AppData\Local\Z@!-8532cca6-a483-46a4-8c2f-f833943ac26c.tmp
2016-09-20 09:24 - 2016-08-17 01:53 - 0023824 _____ () C:\Users\chels\AppData\Local\Z@!-aad8a957-f166-4023-bf4f-796d3c6b991a.tmp
2016-09-20 09:24 - 2016-08-17 01:53 - 0022800 _____ () C:\Users\chels\AppData\Local\Z@S!-d896dcde-0822-4f58-8cef-926f3f52feff.tmp
2016-10-24 12:42 - 2016-10-24 12:42 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-24 15:18
 
==================== End of FRST.txt ============================
=======================================EOF=============================================
 
I then downloaded and installed Malwarebytes. This is the scan report output:
 

=======================================BOF=============================================

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/3/17
Scan Time: 11:46 AM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.907
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: ACER-EM75M7KU\chels
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 470557
Time Elapsed: 1 min, 36 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
=======================================EOF=============================================
 
I then ran Adware Cleaner in Scan mode just to be sure and this is the latest logfile.

 

=======================================BOF=============================================

# AdwCleaner v6.041 - Logfile created 03/01/2017 at 11:57:21
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : chels - ACER-EM75M7KU
# Running from : D:\Chels\Downloads\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [6211 Bytes] - [03/01/2017 10:51:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [5763 Bytes] - [03/01/2017 10:48:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1130 Bytes] - [03/01/2017 11:57:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1203 Bytes] ##########

=======================================EOF=============================================

 
I tried to uninstall Dashlane again, but I still got the message that au_.exe wants to make changes to my system.

 

 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:26 AM

Posted 04 January 2017 - 11:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Please run the AdwCleaner tool and clean everything that was found.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\s82d4lgu.default -> Web Start
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\s82d4lgu.default -> Web Start
FF Homepage: Mozilla\Firefox\Profiles\s82d4lgu.default -> hxxps://webstart-page.com/?s=acer&m=start&brw=ff
CHR HomePage: Default -> hxxps://webstart-page.com/?s=acer&m=home&brw=ch
CHR StartupUrls: Default -> "hxxps://webstart-page.com/?s=acer&m=start&brw=ch"
CHR Extension: (Chrome Web Store Payments) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-18]
CHR Extension: (Chrome Media Router) - C:\Users\chels\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
C:\Users\chels\AppData\Local\Z@!-8532cca6-a483-46a4-8c2f-f833943ac26c.tmp
C:\Users\chels\AppData\Local\Z@!-aad8a957-f166-4023-bf4f-796d3c6b991a.tmp
C:\Users\chels\AppData\Local\Z@S!-d896dcde-0822-4f58-8cef-926f3f52feff.tmp

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Please post the logs and let me know what problem persists with this computer.

#3 tinag9876

Posted 07 January 2017 - 06:06 PM

Thanks nasdaq. I have done as you asked but the problem persists. When I try to uninstall Dashlane I still get the AU_.exe "uninstaller" asking for permission to make changes to the system.

Attached please find the AdwCleaner log and the FRST64 logs.

I note the fixlist.txt file you provided didn't have anything about Dashlane listed. I wondered why since that seems to be the item that is infected.

I would appreciate any further help you can provide.


#4 nasdaq

Posted 08 January 2017 - 08:14 AM


This should remove all files and Folders from the computer.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Dashlane, Inc.) C:\Users\chels\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\chels\AppData\Roaming\Dashlane\DashlanePlugin.exe
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\...\Run: [Dashlane] => C:\Users\chels\AppData\Roaming\Dashlane\Dashlane.exe [478592 2016-12-08] (Dashlane, Inc.)
HKU\S-1-5-21-2047248549-3523246709-2014321820-1001\...\Run: [DashlanePlugin] => C:\Users\chels\AppData\Roaming\Dashlane\DashlanePlugin.exe [536960 2016-12-08] ()
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\chels\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2016-12-08] (Dashlane, Inc.)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\chels\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2016-12-08] (Dashlane, Inc.)
FF Extension: (Dashlane) - C:\Users\chels\AppData\Roaming\Mozilla\Firefox\Profiles\s82d4lgu.default\Extensions\jetpack-extension@dashlane.com.xpi [2016-12-08]
C:\Users\chels\AppData\Roaming\Dashlane
C:\Users\chels\Desktop\Dashlane.lnk
C:\Users\chels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
C:\Program Files (x86)\Dashlane

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let's see what will be found in the Registry.

Please run the Farbar Recovery Scan Tool. Enter Dashlane in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#5 tinag9876

Posted 12 January 2017 - 01:50 AM

Thanks nasdaq.

 

The fix log and registry search results are attached.

 


#6 nasdaq

Posted 12 January 2017 - 10:09 AM

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Dashlanei.dll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9F384869-F6AD-41E9-8BD2-CF54BE338D1E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\DashlaneUpgradeInstaller.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\KWIEBar.KWIEBarBand]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\KWIEBar.KWIEBarBand.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KwiftBHO]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Kwift_plugin_IE.KwiftBHO.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1909EB10-122A-4F75-ADC6-1183A9052286}\1.0\0\win32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1909EB10-122A-4F75-ADC6-1183A9052286}\1.0\HELPDIR]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\0\win32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3277CD27-4001-4EF8-9D96-C6CA745AC2F9}\1.0\HELPDIR]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40354A83-504E-4611-ACAE-3D137F6F595E}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{669695BC-A811-4A9D-8CDF-BA8C795F261C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\NativeMessagingHosts\com.dashlane.dashlane]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A26EA9EF-0420-4657-AD7F-A4C9D67B63B6}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Dashlane Upgrade Service]
[HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\Environment]
"Path"=-
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Dashlane]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Dashlane_profiles]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.dashlane.dashlane]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2047248549-3523246709-2014321820-1001\Software\Dashlane]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1}]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B236E3E-80B2-4322-B6A2-529D751B7FB1}]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F05E0524-ED06-43A7-BB08-04FEF67C7D11}]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F05E0524-ED06-43A7-BB08-04FEF67C7D11}]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
[HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{63133C92-8C18-438F-BF19-4653F23B158F}]
"AppId"=-
[HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search\RecentApps\{90B8237A-BECF-438C-9F9A-2B9476E64392}]
"AppId"=-
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dashlane]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
[-HKEY_USERS\S-1-5-21-2047248549-3523246709-2014321820-1001\SOFTWARE\Classes\dashlane]


Restart the computer when completed.

You can delete the fixme.reg file when done.
===

Any other issues?
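
A cleanup .reg file like the one in this post can be reviewed before it is merged, by listing what it deletes and checking for syntax slips and overly broad key deletions. The Python below is an added example, not part of the original thread; the sample file, the product name ExampleApp and the function audit_reg are constructed for illustration.

```python
import re

# Constructed sample in the style of a cleanup .reg file (hypothetical
# product "ExampleApp"); it is not the file from the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExampleApp.Band]
[HKEY_USERS\S-1-5-21-0-0-0-1001\Environment]
"Path"="-
-[HKEY_USERS\S-1-5-21-0-0-0-1001\SOFTWARE\ExampleApp]
[HKEY_USERS\S-1-5-21-0-0-0-1001\SOFTWARE\Example\RecentApps\{00000000-0000-0000-0000-000000000001}]
"AppId"=-
[-HKEY_USERS\S-1-5-21-0-0-0-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ExampleApp.Band]
'''

KEY_RE = re.compile(r'^\[(-?)(HKEY_[A-Z_]+\\[^\]]+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
DATA_RE = re.compile(r'"(?:[^"\\]|\\.)*"|dword:[0-9a-fA-F]{1,8}'
                     r'|hex(?:\([0-9a-fA-F]+\))?:[0-9a-fA-F,\\ ]*')
GUID_RE = re.compile(r'^\{[0-9A-Fa-f-]{36}\}$')


def audit_reg(text, product):
    """Return (actions, warnings) for the text of a .reg file.

    actions:  (kind, key, value_name) tuples, kind being 'delete-key',
              'delete-value' or 'set-value'.
    warnings: (line_number, message) tuples for lines worth a second look.
    """
    actions, warnings, seen = [], [], set()
    current_key, cont = None, False
    lines = text.splitlines()
    if not lines or not lines[0].startswith(
            ('Windows Registry Editor Version 5.00', 'REGEDIT4')):
        warnings.append((1, 'missing .reg header'))
    for no, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if cont:                      # continuation of a multi-line hex value
            cont = line.endswith('\\')
            continue
        if not line or line.startswith(';'):
            continue
        m = KEY_RE.match(line)
        if m:
            delete, key = m.group(1) == '-', m.group(2)
            current_key = None if delete else key
            if not delete:
                continue
            if key.lower() in seen:
                warnings.append((no, 'duplicate key deletion'))
                continue
            seen.add(key.lower())
            actions.append(('delete-key', key, None))
            leaf = key.rsplit('\\', 1)[-1]
            # A key under \Microsoft\ that is neither named after the
            # product nor a GUID is shared with other software.
            if ('\\microsoft\\' in key.lower()
                    and product.lower() not in key.lower()
                    and not GUID_RE.match(leaf)):
                warnings.append((no, 'deletes a shared Microsoft key, '
                                     'including entries of other programs'))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, data = m.group(1).strip('"'), m.group(2).strip()
            if data == '-':
                actions.append(('delete-value', current_key, name))
            elif DATA_RE.fullmatch(data):
                actions.append(('set-value', current_key, name))
                cont = data.endswith('\\')
            else:
                warnings.append((no, 'malformed value data: ' + data))
            continue
        if line.startswith('-['):
            warnings.append((no, 'minus outside the bracket; a key deletion '
                                 'is written [-KEY]'))
        else:
            warnings.append((no, 'not valid .reg syntax'))
    return actions, warnings


if __name__ == '__main__':
    acts, warns = audit_reg(SAMPLE_REG, 'ExampleApp')
    for kind, key, name in acts:
        print(kind, key, name or '')
    for no, msg in warns:
        print('line %d: %s' % (no, msg))
```
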



