
Possible browser redirect


  • This topic is locked
7 replies to this topic

#1 Beepboopbop1


Posted 15 March 2017 - 09:44 PM

Hey, I am about as good with computers as a goldfish, so please be patient with me. ESET antivirus told me I had registry issues and I have no clue what is up. Backstory is I continuously had BSOD problems and my mouse would move at random as well as open the search bar and notification center. Upon taking it into some cpu techs, they said that they reset it to default including the hard drive. But upon turning it on I'm having the same issues. At one point I had my C: drive get locked on me? I tried to open it from File Explorer and in the corner of my screen it said something about bit something unencrypting it? I just hardwiped my cpu again and did updates. So here are the newest Farbar scans.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Shannon (administrator) on DESKTOP-4EL592D (15-03-2017 20:16:58)
Running from C:\Users\Shannon\Downloads
Loaded Profiles: Shannon (Available Profiles: defaultuser0 & Shannon)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\syswow64\esif_uf.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\eOPPFrame.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8519424 2015-07-22] (Realtek Semiconductor)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{30ffcc6d-d73b-4ad8-aba3-17ee10a1a666}: [DhcpNameServer] 192.168.1.254 192.168.1.254
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1540712080-551408199-3099575163-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2016-12-14] (ESET)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1394360 2015-08-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-07-22] (Realtek Semiconductor)
R2 RtkBtManServ; C:\WINDOWS\RtkBtManServ.exe [223952 2016-08-24] (Realtek Semiconductor Corp.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-05] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132272 2017-01-17] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106768 2017-01-17] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15488 2017-01-17] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180544 2017-01-17] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [49672 2017-01-17] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [77616 2017-01-17] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [96856 2017-01-17] (ESET)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7402992 2016-11-02] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-11-25] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [719424 2016-08-24] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [79960 2016-10-05] (Synaptics Incorporated)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-14] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [32832 2016-08-10] (HP)
U3 aswMBR; C:\Users\Shannon\AppData\Local\Temp\aswMBR.sys [62728 2017-03-15] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\Shannon\AppData\Local\Temp\aswVmm.sys [224896 2017-03-15] () <==== ATTENTION
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-15 20:14 - 2017-03-15 20:17 - 00006831 _____ C:\Users\Shannon\Downloads\FRST.txt
2017-03-15 20:05 - 2017-03-15 20:14 - 00000000 ____D C:\FRST
2017-03-15 20:05 - 2017-03-15 20:06 - 02424832 _____ (Farbar) C:\Users\Shannon\Downloads\FRST64.exe
2017-03-15 19:38 - 2017-03-15 19:38 - 00004126 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E1C4B113-8E9B-4833-97B4-9EE77E8BDE35}
2017-03-15 13:33 - 2017-03-15 13:33 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Skype
2017-03-14 06:48 - 2017-03-14 06:48 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Synaptics
2017-03-14 06:48 - 2017-03-14 06:48 - 00000000 ____D C:\ProgramData\Synaptics
2017-03-14 06:11 - 2017-03-14 06:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-14 06:11 - 2017-03-14 06:11 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-14 05:51 - 2016-12-20 23:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-03-14 05:51 - 2016-12-20 23:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-03-14 05:51 - 2016-12-20 23:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-14 05:51 - 2016-12-20 23:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-03-14 05:51 - 2016-12-20 23:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-03-14 05:51 - 2016-12-20 23:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-03-14 05:51 - 2016-12-20 23:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-14 05:51 - 2016-12-20 23:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-03-14 05:51 - 2016-12-20 23:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-03-14 05:51 - 2016-12-20 22:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-03-14 05:51 - 2016-12-20 22:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-03-14 05:51 - 2016-12-20 22:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-03-14 05:51 - 2016-12-20 22:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-03-14 05:51 - 2016-12-20 22:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-03-14 05:51 - 2016-12-20 22:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-03-14 05:51 - 2016-12-20 21:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-03-14 05:51 - 2016-12-20 21:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-03-14 05:51 - 2016-12-20 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-03-14 05:51 - 2016-12-20 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-03-14 05:51 - 2016-12-20 21:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-03-14 05:51 - 2016-12-20 21:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-03-14 05:51 - 2016-12-20 21:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-03-14 05:51 - 2016-12-20 21:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-03-14 05:51 - 2016-12-20 21:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-03-14 05:51 - 2016-12-20 21:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-03-14 05:51 - 2016-12-20 21:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-03-14 05:51 - 2016-12-20 21:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-03-14 05:51 - 2016-12-20 21:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-03-14 05:51 - 2016-12-20 21:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-03-14 05:51 - 2016-12-20 21:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-03-14 05:51 - 2016-12-20 21:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-03-14 05:51 - 2016-12-13 22:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-14 05:51 - 2016-12-13 22:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-03-14 05:51 - 2016-12-13 22:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-14 05:51 - 2016-12-13 22:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-03-14 05:51 - 2016-12-13 22:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-03-14 05:51 - 2016-12-13 22:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-03-14 05:51 - 2016-12-13 22:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-03-14 05:51 - 2016-12-13 22:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-03-14 05:51 - 2016-12-13 22:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-03-14 05:51 - 2016-12-13 22:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-14 05:51 - 2016-12-13 22:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-14 05:51 - 2016-12-13 22:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-03-14 05:51 - 2016-12-13 22:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-03-14 05:51 - 2016-12-13 21:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-03-14 05:51 - 2016-12-13 21:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-03-14 05:51 - 2016-12-13 21:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-03-14 05:51 - 2016-12-13 21:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-03-14 05:51 - 2016-12-13 21:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-03-14 05:51 - 2016-12-13 21:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-03-14 05:51 - 2016-12-13 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-03-14 05:51 - 2016-12-13 21:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-03-14 05:51 - 2016-12-13 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-03-14 05:51 - 2016-12-13 21:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-03-14 05:51 - 2016-12-13 21:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-03-14 05:51 - 2016-12-13 21:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-03-14 05:51 - 2016-12-13 21:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-03-14 05:51 - 2016-12-13 21:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-03-14 05:51 - 2016-12-13 21:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-03-14 05:51 - 2016-12-13 21:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-03-14 05:51 - 2016-12-13 21:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-03-14 05:51 - 2016-12-13 21:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-03-14 05:51 - 2016-12-13 21:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-03-14 05:51 - 2016-12-13 21:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-03-14 05:51 - 2016-12-13 21:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-03-14 05:51 - 2016-12-13 21:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-03-14 05:51 - 2016-12-13 21:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-03-14 05:51 - 2016-12-13 21:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-03-14 05:51 - 2016-12-13 21:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-14 05:51 - 2016-12-13 21:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-03-14 05:51 - 2016-12-09 03:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-14 05:51 - 2016-12-09 03:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-14 05:51 - 2016-12-09 03:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-14 05:51 - 2016-12-09 03:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-14 05:51 - 2016-12-09 03:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-03-14 05:51 - 2016-12-09 03:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-03-14 05:51 - 2016-12-09 03:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-03-14 05:51 - 2016-12-09 03:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-14 05:51 - 2016-12-09 03:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-03-14 05:51 - 2016-12-09 03:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-03-14 05:51 - 2016-12-09 03:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-03-14 05:51 - 2016-12-09 03:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-03-14 05:51 - 2016-12-09 03:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-03-14 05:51 - 2016-12-09 03:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-03-14 05:51 - 2016-12-09 03:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-03-14 05:51 - 2016-12-09 03:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-03-14 05:51 - 2016-12-09 02:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-03-14 05:51 - 2016-12-09 02:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-03-14 05:51 - 2016-12-09 02:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-03-14 05:51 - 2016-12-09 02:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2017-03-14 05:51 - 2016-12-09 02:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2017-03-14 05:51 - 2016-12-09 02:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-03-14 05:51 - 2016-12-09 02:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-03-14 05:51 - 2016-12-09 02:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-03-14 05:51 - 2016-12-09 02:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-03-14 05:51 - 2016-12-09 02:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-03-14 05:51 - 2016-12-09 02:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-03-14 05:51 - 2016-12-09 02:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-03-14 05:51 - 2016-12-09 02:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-03-14 05:51 - 2016-12-09 02:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-03-14 05:51 - 2016-12-09 02:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-14 05:51 - 2016-12-09 02:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-03-14 05:51 - 2016-12-09 02:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-03-14 05:51 - 2016-12-09 02:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-03-14 05:51 - 2016-12-09 02:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-03-14 05:51 - 2016-12-09 02:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-03-14 05:51 - 2016-12-09 02:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-03-14 05:51 - 2016-12-09 02:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-03-14 05:51 - 2016-12-09 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2017-03-14 05:51 - 2016-12-09 02:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-03-14 05:51 - 2016-11-11 03:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-03-14 05:51 - 2016-11-11 03:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-14 05:51 - 2016-11-11 03:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-03-14 05:51 - 2016-11-11 03:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-14 05:51 - 2016-11-11 03:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-03-14 05:51 - 2016-11-11 03:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-14 05:51 - 2016-11-11 03:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-03-14 05:51 - 2016-11-11 03:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-03-14 05:51 - 2016-11-11 03:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-03-14 05:51 - 2016-11-11 03:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-14 05:51 - 2016-11-11 02:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-14 05:51 - 2016-11-11 02:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-03-14 05:51 - 2016-11-11 02:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2017-03-14 05:51 - 2016-11-11 02:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-14 05:51 - 2016-11-11 02:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-03-14 05:51 - 2016-11-11 02:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2017-03-14 05:51 - 2016-11-11 02:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2017-03-14 05:51 - 2016-11-11 02:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-03-14 05:51 - 2016-11-11 02:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2017-03-14 05:51 - 2016-11-11 02:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2017-03-14 05:51 - 2016-11-11 02:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-03-14 05:51 - 2016-11-11 02:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-03-14 05:51 - 2016-11-11 02:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-03-14 05:51 - 2016-11-11 02:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-03-14 05:51 - 2016-11-11 02:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-03-14 05:51 - 2016-11-11 02:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2017-03-14 05:51 - 2016-11-11 02:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-03-14 05:51 - 2016-11-11 02:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-03-14 05:51 - 2016-11-11 02:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-03-14 05:51 - 2016-11-11 02:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-14 05:51 - 2016-11-11 02:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-03-14 05:51 - 2016-11-11 02:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2017-03-14 05:51 - 2016-11-11 02:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2017-03-14 05:51 - 2016-11-11 02:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-03-14 05:51 - 2016-11-11 02:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-03-14 05:51 - 2016-11-11 02:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-03-14 05:51 - 2016-11-11 02:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-03-14 05:51 - 2016-11-11 02:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-03-14 05:51 - 2016-11-11 02:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-03-14 05:51 - 2016-11-11 02:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-03-14 05:51 - 2016-11-11 02:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-03-14 05:51 - 2016-11-11 02:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-03-14 05:51 - 2016-11-11 02:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-03-14 05:51 - 2016-11-11 02:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-03-14 05:51 - 2016-11-11 02:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-14 05:51 - 2016-11-11 02:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-03-14 05:51 - 2016-11-11 02:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-03-14 05:51 - 2016-11-11 02:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-03-14 05:51 - 2016-11-11 02:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2017-03-14 05:51 - 2016-11-11 02:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-03-14 05:51 - 2016-11-11 02:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-03-14 05:51 - 2016-11-11 02:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-03-14 05:51 - 2016-11-11 02:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2017-03-14 05:51 - 2016-11-11 02:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-03-14 05:51 - 2016-11-11 02:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-03-14 05:51 - 2016-11-11 02:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-03-14 05:51 - 2016-11-11 02:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-03-14 05:51 - 2016-11-11 02:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-03-14 05:51 - 2016-11-11 02:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2017-03-14 05:51 - 2016-11-11 02:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2017-03-14 05:51 - 2016-11-11 02:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-03-14 05:51 - 2016-11-11 02:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-03-14 05:51 - 2016-11-11 02:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-03-14 05:51 - 2016-11-11 02:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-03-14 05:51 - 2016-11-11 02:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-03-14 05:51 - 2016-11-11 02:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-03-14 05:51 - 2016-11-11 02:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-03-14 05:51 - 2016-11-11 02:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-14 05:51 - 2016-11-11 02:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-03-14 05:51 - 2016-11-11 02:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-14 05:51 - 2016-11-11 02:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-03-14 05:51 - 2016-11-11 02:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-03-14 05:51 - 2016-11-11 02:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-14 05:51 - 2016-11-11 02:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-03-14 05:51 - 2016-11-11 02:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-03-14 05:51 - 2016-11-11 02:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-14 05:51 - 2016-11-11 02:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-14 05:51 - 2016-11-11 02:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-03-14 05:51 - 2016-11-11 02:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-03-14 05:51 - 2016-11-11 02:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-03-14 05:51 - 2016-11-11 02:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-14 05:51 - 2016-11-11 02:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-03-14 05:51 - 2016-11-11 01:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-03-14 05:51 - 2016-11-11 00:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-03-14 05:51 - 2016-11-11 00:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2017-03-14 05:51 - 2016-11-11 00:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-03-14 05:51 - 2016-11-11 00:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-14 05:51 - 2016-11-11 00:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-14 05:51 - 2016-11-11 00:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-14 05:51 - 2016-11-11 00:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-14 05:51 - 2016-11-11 00:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-14 05:51 - 2016-11-11 00:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2017-03-14 05:51 - 2016-11-11 00:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2017-03-14 05:51 - 2016-11-11 00:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2017-03-14 05:51 - 2016-11-11 00:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2017-03-14 05:51 - 2016-11-11 00:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2017-03-14 05:51 - 2016-11-11 00:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-03-14 05:51 - 2016-11-11 00:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-03-14 05:51 - 2016-11-11 00:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-03-14 05:51 - 2016-11-11 00:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-03-14 05:51 - 2016-11-11 00:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-03-14 05:51 - 2016-11-11 00:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-03-14 05:51 - 2016-11-11 00:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-03-14 05:51 - 2016-11-11 00:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2017-03-14 05:51 - 2016-11-11 00:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-03-14 05:51 - 2016-11-11 00:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-03-14 05:51 - 2016-11-11 00:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-03-14 05:51 - 2016-11-11 00:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-03-14 05:51 - 2016-11-11 00:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-03-14 05:51 - 2016-11-11 00:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-03-14 05:51 - 2016-11-11 00:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-03-14 05:51 - 2016-11-11 00:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2017-03-14 05:51 - 2016-11-11 00:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-03-14 05:51 - 2016-11-11 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2017-03-14 05:51 - 2016-11-11 00:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-03-14 05:51 - 2016-11-11 00:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-03-14 05:51 - 2016-11-11 00:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-03-14 05:51 - 2016-11-11 00:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2017-03-14 05:51 - 2016-11-11 00:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-03-14 05:51 - 2016-11-11 00:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-03-14 05:51 - 2016-11-11 00:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-03-14 05:51 - 2016-11-11 00:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-03-14 05:51 - 2016-11-11 00:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-03-14 05:51 - 2016-11-11 00:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-03-14 05:51 - 2016-11-11 00:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2017-03-14 05:51 - 2016-11-11 00:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-03-14 05:51 - 2016-11-11 00:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-03-14 05:51 - 2016-11-11 00:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-03-14 05:51 - 2016-11-11 00:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-03-14 05:37 - 2017-03-14 05:32 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-14 05:29 - 2017-03-14 05:29 - 00000000 ____D C:\Users\Shannon\AppData\Local\NetworkTiles
2017-03-14 05:21 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-03-14 05:21 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-03-14 05:12 - 2017-03-14 05:12 - 00000000 ____D C:\Users\Shannon\AppData\Local\ESET
2017-03-14 05:08 - 2017-03-14 05:08 - 00002100 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-03-14 05:08 - 2017-03-14 05:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-03-14 05:08 - 2017-03-14 05:08 - 00000000 ____D C:\ProgramData\ESET
2017-03-14 05:08 - 2017-03-14 05:08 - 00000000 ____D C:\Program Files\ESET
2017-03-14 05:07 - 2017-03-14 05:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-03-14 05:07 - 2017-03-14 05:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-03-14 05:07 - 2017-03-14 05:07 - 00000000 ____D C:\Program Files\Synaptics
2017-03-14 05:07 - 2016-10-05 00:44 - 00079960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2017-03-14 04:57 - 2017-03-14 04:57 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Macromedia
2017-03-14 04:54 - 2017-03-14 04:54 - 00000000 ____D C:\Users\Shannon\AppData\Local\MicrosoftEdge
2017-03-14 04:48 - 2017-03-14 04:48 - 00000000 ____D C:\Users\Shannon\AppData\Local\Comms
2017-03-14 02:41 - 2017-03-14 02:41 - 00001203 _____ C:\Users\defaultuser0\AppData\Roaming\AppData - Shortcut.lnk
2017-03-14 02:30 - 2017-03-15 13:36 - 00002369 _____ C:\Users\Shannon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-14 02:30 - 2017-03-15 13:36 - 00000000 ___RD C:\Users\Shannon\OneDrive
2017-03-14 02:30 - 2017-03-14 02:30 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-03-14 02:28 - 2017-03-14 02:28 - 00000000 ____D C:\Users\Shannon\AppData\Local\Publishers
2017-03-14 02:27 - 2017-03-15 19:25 - 00000000 ____D C:\Users\Shannon\AppData\Local\Packages
2017-03-14 02:27 - 2017-03-15 19:14 - 00880458 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-14 02:27 - 2017-03-15 19:05 - 00000000 __SHD C:\Users\Shannon\IntelGraphicsProfiles
2017-03-14 02:27 - 2017-03-15 19:05 - 00000000 ____D C:\Users\Shannon
2017-03-14 02:27 - 2017-03-14 06:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-14 02:27 - 2017-03-14 06:48 - 00000000 ____D C:\Users\Shannon\AppData\Local\ConnectedDevicesPlatform
2017-03-14 02:27 - 2017-03-14 02:27 - 00000020 ___SH C:\Users\Shannon\ntuser.ini
2017-03-14 02:27 - 2017-03-14 02:27 - 00000000 _SHDL C:\Users\Shannon\My Documents
2017-03-14 02:27 - 2017-03-14 02:27 - 00000000 _SHDL C:\Users\Shannon\Documents\My Videos
2017-03-14 02:27 - 2017-03-14 02:27 - 00000000 _SHDL C:\Users\Shannon\Documents\My Pictures
2017-03-14 02:27 - 2017-03-14 02:27 - 00000000 _SHDL C:\Users\Shannon\Documents\My Music
2017-03-14 02:27 - 2017-03-14 02:27 - 00000000 ____D C:\Users\Shannon\AppData\Roaming\Adobe
2017-03-14 02:27 - 2017-03-14 02:27 - 00000000 ____D C:\Users\Shannon\AppData\Local\VirtualStore
2017-03-14 02:27 - 2017-03-14 02:27 - 00000000 ____D C:\Users\Shannon\AppData\Local\TileDataLayer
2017-03-14 02:26 - 2017-03-14 02:26 - 00000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2017-03-14 02:26 - 2017-03-14 02:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-03-14 02:26 - 2017-03-14 02:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-03-14 02:26 - 2017-03-14 02:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-03-14 02:26 - 2017-03-14 02:26 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-03-14 02:25 - 2017-03-14 02:26 - 00000000 ____D C:\Users\defaultuser0
2017-03-14 02:25 - 2017-03-14 02:25 - 00000020 ___SH C:\Users\defaultuser0\ntuser.ini
2017-03-14 02:25 - 2017-03-14 02:25 - 00000000 _SHDL C:\Users\defaultuser0\My Documents
2017-03-14 02:25 - 2017-03-14 02:25 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Videos
2017-03-14 02:25 - 2017-03-14 02:25 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Pictures
2017-03-14 02:25 - 2017-03-14 02:25 - 00000000 _SHDL C:\Users\defaultuser0\Documents\My Music
2017-03-14 02:23 - 2016-07-16 04:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default\My Documents
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\Default User
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Users\All Users
2017-03-14 02:21 - 2017-03-14 02:21 - 00000000 _SHDL C:\Documents and Settings
2017-03-14 02:18 - 2017-03-14 02:18 - 00007961 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-03-14 02:18 - 2017-03-14 02:18 - 00000000 ____D C:\ProgramData\Realtek
2017-03-14 02:18 - 2017-03-14 02:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-03-14 02:17 - 2017-03-15 19:05 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-14 02:17 - 2017-03-14 02:26 - 00000000 ____D C:\Intel
2017-03-14 02:17 - 2017-03-14 02:17 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 ____D C:\ProgramData\USOShared
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 ____D C:\Program Files\Realtek
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 ____D C:\Program Files\Intel
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-14 02:17 - 2017-03-14 02:17 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-03-14 02:17 - 2016-11-02 00:05 - 00103952 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-03-14 02:17 - 2016-11-02 00:05 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-03-14 02:16 - 2017-03-15 19:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-14 02:16 - 2017-03-15 18:37 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-14 02:16 - 2017-03-14 02:16 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-03-14 02:15 - 2017-03-14 06:45 - 00194192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-14 01:42 - 2017-03-14 02:25 - 00000000 ___DC C:\WINDOWS\Panther
2017-03-14 01:42 - 2017-03-14 01:42 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-03-14 01:42 - 2017-03-14 01:42 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-03-14 01:41 - 2017-03-14 01:41 - 00000000 ____D C:\Program Files (x86)\HP
2017-03-14 01:40 - 2017-03-14 01:40 - 00000000 ____D C:\WINDOWS\Setup
2017-03-14 01:40 - 2017-03-09 22:17 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-14 01:40 - 2017-03-09 22:17 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 01:34 - 2017-03-14 01:34 - 00000000 ____D C:\WINDOWS\OCR
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\0409
2017-03-14 01:33 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-03-14 01:26 - 2017-03-15 19:25 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-14 01:26 - 2017-03-15 19:25 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-14 01:26 - 2017-03-15 19:18 - 00000000 ____D C:\WINDOWS\Registration
2017-03-14 01:26 - 2017-03-15 13:36 - 00000000 ____D C:\WINDOWS\appcompat
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\Provisioning
2017-03-14 01:26 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-14 01:26 - 2017-03-14 05:09 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-14 01:26 - 2017-03-14 02:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-03-14 01:26 - 2017-03-14 02:23 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-03-14 01:26 - 2017-03-14 02:22 - 00000000 ____D C:\WINDOWS\rescache
2017-03-14 01:26 - 2017-03-14 02:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-14 01:26 - 2017-03-14 02:18 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-14 01:26 - 2017-03-14 02:18 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-03-14 01:26 - 2017-03-14 02:17 - 00000000 ____D C:\ProgramData\USOPrivate
2017-03-14 01:26 - 2017-03-14 01:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ___RD C:\Program Files\Windows Defender
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ____D C:\WINDOWS\system32\setup
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-03-14 01:26 - 2017-03-14 01:39 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-03-14 01:26 - 2017-03-14 01:38 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-03-14 01:26 - 2017-03-14 01:34 - 00000000 ____D C:\WINDOWS\SystemApps
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\system32\Com
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\IME
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\WINDOWS\Help
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\Program Files\Common Files\System
2017-03-14 01:26 - 2017-03-14 01:33 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 __RSD C:\WINDOWS\Media
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\Web
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\Vss
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\tracing
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\TAPI
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SystemResources
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\winevt
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\spool
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\ras
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\IME
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\icsxml
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\ias
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\downlevel
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\DDFs
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\System
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SKB
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\security
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\schemas
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\SchCache
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\Resources
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\PLA
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\Performance
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\InputMethod
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\Globalization
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\Cursors
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\Branding
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\addins
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\ProgramData\Comms
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\Program Files\Windows NT
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\Program Files\Common Files\Services
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-03-14 01:26 - 2017-03-14 01:26 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-03-14 01:26 - 2017-03-14 01:22 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-03-14 01:26 - 2017-03-14 01:22 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-03-14 01:26 - 2017-03-14 01:22 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2017-03-14 01:26 - 2017-03-14 01:22 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-03-14 01:26 - 2017-03-14 01:22 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-03-14 01:26 - 2017-03-14 01:22 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-03-14 01:26 - 2017-03-14 01:22 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-03-14 01:26 - 2017-03-14 01:22 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-03-14 01:26 - 2017-03-14 01:22 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-03-14 01:26 - 2017-03-14 01:22 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-03-14 01:26 - 2017-03-14 01:22 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-03-14 01:26 - 2017-03-14 01:22 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-03-14 01:26 - 2017-03-14 01:22 - 00000219 _____ C:\WINDOWS\system.ini
2017-03-14 01:26 - 2017-03-14 01:22 - 00000092 _____ C:\WINDOWS\win.ini
2017-03-14 01:23 - 2017-03-15 19:31 - 00000000 ____D C:\WINDOWS\INF
2017-03-14 01:15 - 2017-03-15 20:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-14 01:13 - 2017-03-15 18:54 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2017-03-14 01:13 - 2017-03-14 06:42 - 00000000 ____D C:\WINDOWS\servicing
2017-03-14 01:13 - 2017-03-14 05:39 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-14 01:13 - 2017-03-14 01:26 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-03-14 01:12 - 2017-03-14 01:51 - 00000000 ___HD C:\$SysReset
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-10 18:16 - 2016-07-16 04:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-14 02:15
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Shannon (15-03-2017 20:18:26)
Running from C:\Users\Shannon\Downloads
Windows 10 Home Version 1607 (X64) (2017-03-14 09:26:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1540712080-551408199-3099575163-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1540712080-551408199-3099575163-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1540712080-551408199-3099575163-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1540712080-551408199-3099575163-501 - Limited - Disabled)
Shannon (S-1-5-21-1540712080-551408199-3099575163-1001 - Administrator - Enabled) => C:\Users\Shannon
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ESET Smart Security (HKLM\...\{5EEA8197-9CED-4AEA-925D-D32595AD3A57}) (Version: 10.0.390.0 - ESET, spol. s r.o.)
Microsoft OneDrive (HKU\S-1-5-21-1540712080-551408199-3099575163-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7562 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-14 05:52 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-02 00:05 - 2016-11-02 00:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-14 05:52 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-20 11:11 - 2016-11-20 11:11 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 05:51 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 05:51 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 05:51 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 05:51 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-14 05:51 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-14 05:51 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-14 05:51 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-03-14 01:26 - 2017-03-14 01:22 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1540712080-551408199-3099575163-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (03/15/2017 08:16:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2017 07:07:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error
Error: (03/15/2017 07:05:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2017 07:05:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2017 07:05:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2017 06:53:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/15/2017 06:38:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_cfbe3 service.
Error: (03/15/2017 06:38:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_cfbe3 service.
Error: (03/15/2017 06:37:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CDPUserSvc_cfbe3 service.
Error: (03/15/2017 01:51:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
  Date: 2017-03-15 18:41:37.209
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-15 18:41:37.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-15 00:08:34.713
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-15 00:08:34.704
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-14 08:02:20.034
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-14 08:02:20.019
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-03-14 05:16:11.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel® Celeron® CPU N3050 @ 1.60GHz
Percentage of memory in use: 75%
Total physical RAM: 1905.27 MB
Available physical RAM: 464.88 MB
Total Virtual: 3057.27 MB
Available Virtual: 1376.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:28.57 GB) (Free:7.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 29.1 GB) (Disk ID: C89E2E1A)
Partition: GPT.
==================== End of Addition.txt ============================

 




#2 Beepboopbop1

  • Topic Starter


Posted 17 March 2017 - 03:09 AM

Update. BSOD attacks and maxed CPU, mem and disk. I grabbed GMER and other tools. This is what I mean when I say I got registry issues. More than a few.

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2017-03-17 01:02:18
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d VID:15 rev.0.1 29.12GB
Running: brjttbsr.exe; Driver: C:\Users\Shannon\AppData\Local\Temp\awtdqaoc.sys


---- User code sections - GMER 2.2 ----

?       C:\WINDOWS\SYSTEM32\NTASN1.dll [1692] entry point in ".rdata" section                                                                000000006b01a020
?       C:\WINDOWS\SYSTEM32\iertutil.dll [1692] entry point in ".rdata" section                                                              000000006af81590
?       C:\WINDOWS\SYSTEM32\atlthunk.dll [1692] entry point in ".data" section                                                               0000000060bd4290
?       C:\WINDOWS\system32\ncryptsslp.dll [1692] entry point in ".rdata" section                                                            00000000600304f0
?       C:\WINDOWS\system32\wbem\wbemsvc.dll [1692] entry point in ".rdata" section                                                          000000006aac8fc0
?       C:\WINDOWS\system32\apphelp.dll [1692] entry point in ".rdata" section                                                               000000006ad4f7c0
?       C:\WINDOWS\SYSTEM32\NTASN1.dll [5424] entry point in ".rdata" section                                                                000000006b01a020
?       C:\WINDOWS\SYSTEM32\iertutil.dll [5424] entry point in ".rdata" section                                                              000000006af81590
?       C:\WINDOWS\SYSTEM32\NTASN1.dll [1332] entry point in ".rdata" section                                                                000000006b01a020
?       C:\WINDOWS\SYSTEM32\iertutil.dll [1332] entry point in ".rdata" section                                                              000000006af81590
?       C:\WINDOWS\SYSTEM32\NTASN1.dll [3196] entry point in ".rdata" section                                                                000000006b01a020
?       C:\WINDOWS\SYSTEM32\iertutil.dll [3196] entry point in ".rdata" section                                                              000000006af81590
?       C:\WINDOWS\system32\apphelp.dll [4680] entry point in ".rdata" section                                                               000000006ad4f7c0

---- Threads - GMER 2.2 ----


---- Registry - GMER 2.2 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                    0x4D 0xDB 0x11 0xB4 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                0x10 0x23 0x25 0x35 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US                                                                4
Reg     HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\AUO312C0_00_07DB_F4^CDE1255B436B35FA52A5085EE0C1FA3F@Timestamp   0xC3 0x0A 0x0E 0x02 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@Notification Packages                                                                      scecli?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa@Authentication Packages                                                                    msv1_0?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig@Security Packages                                                                 pku2u
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute                                                                    autocheck autochk *?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                    \??\C:\Users\Shannon\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Shannon\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\Shannon\AppData\Local\Temp\_iu14D2N.tmp??
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                    -1559506258
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs@IMAGEHLP                                                             IMAGEHLP.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                     49d38bbc-a480-48fc-897b-aa90fad
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId                                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName                                                                          \BaseNamedObjects\WDI_{25413466-4645-45b2-b67f-30d3660875d0}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller@Events                                      CreateSession
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName                                                               Global\MMF_BITS777e021f-14af-43b2-832e-2e0adb7ab370
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\68140183edec                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3@Type                                                                        224
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3@Start                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3@ErrorControl                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3@ImagePath                                                                   C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3@DisplayName                                                                 CDPUserSvc_cfb4a3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3@FailureActions                                                              0x80 0x51 0x01 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3@Description                                                                 @%SystemRoot%\system32\cdpusersvc.dll,-101
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3\Security                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3\Security@Security                                                           0x01 0x00 0x14 0x80 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CDPUserSvc_cfb4a3                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastTelemetryLog                                            0x84 0xFE 0x7A 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{b19a5a98-b201-45e7-9154-7cb0ec5e0228}@LastProbeTime                1489650090
Reg     HKLM\SYSTEM\CurrentControlSet\Services\dptf_acpi\Parameters\Wdf@TimeOfLastTelemetryLog                                               0x18 0x2C 0xFE 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\dptf_cpu\Parameters\Wdf@TimeOfLastTelemetryLog                                                0x5B 0xEA 0x86 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\esif_lf\Parameters\Wdf@TimeOfLastTelemetryLog                                                 0x38 0x8F 0xD7 0xB5 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastTelemetryLog                                                0xED 0x99 0xD5 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iagpio\Parameters\Wdf@TimeOfLastTelemetryLog                                                  0x13 0x38 0x36 0xB0 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\intelppm\Parameters\Wdf@TimeOfLastTelemetryLog                                                0xED 0x99 0xD5 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{3FE1315C-4940-4226-A464-ED4E4C031855}@DefunctTimestamp            0xD9 0x76 0xCB 0x58 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\4c-8b-30-3d-80-80@AddressCreationTimestamp                      0x82 0x0B 0xDC 0x0E ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3@Type                                                                  224
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3@Start                                                                 3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3@ErrorControl                                                          0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3@ImagePath                                                             C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3@DisplayName                                                           MessagingService_cfb4a3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3@FailureActions                                                        0x80 0x51 0x01 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3@Description                                                           @%SystemRoot%\system32\MessagingService.dll,-101
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\Security                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\Security@Security                                                     0x01 0x00 0x14 0x80 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\TriggerInfo                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\TriggerInfo\0                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\TriggerInfo\0@Type                                                    7
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\TriggerInfo\0@Action                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\TriggerInfo\0@Guid                                                    0x16 0x28 0x7A 0x2D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\TriggerInfo\0@Data0                                                   0x75 0x18 0xBC 0xA3 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3\TriggerInfo\0@DataType0                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\MessagingService_cfb4a3                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastTelemetryLog                                          0x18 0x2C 0xFE 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3@Type                                                                        224
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3@Start                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3@ErrorControl                                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3@ImagePath                                                                   C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3@DisplayName                                                                 Sync Host_cfb4a3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3@FailureActions                                                              0x80 0x51 0x01 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3@Description                                                                 @%SystemRoot%\system32\APHostRes.dll,-10001
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3\Security                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3\Security@Security                                                           0x01 0x00 0x04 0x80 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\OneSyncSvc_cfb4a3                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3@Type                                                            224
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3@Start                                                           3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3@ErrorControl                                                    0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3@ImagePath                                                       C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3@DisplayName                                                     Contact Data_cfb4a3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3@FailureActions                                                  0x80 0x51 0x01 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3@Description                                                     @%SystemRoot%\system32\UserDataAccessRes.dll,-15000
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3\Security                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3\Security@Security                                               0x01 0x00 0x04 0x80 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc_cfb4a3                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\RtkBtFilter\Parameters\Wdf@TimeOfLastTelemetryLog                                             0xC1 0x96 0x9B 0xB3 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                      766
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                     58
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SmbDrvI\Parameters\Wdf@TimeOfLastTelemetryLog                                                 0x60 0xE8 0xE3 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                               4
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS                                                                 657
Reg     HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters\Wdf@TimeOfLastTelemetryLog                                                   0x5B 0xEA 0x86 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30ffcc6d-d73b-4ad8-aba3-17ee10a1a666}@LeaseObtainedTime          1489729242
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30ffcc6d-d73b-4ad8-aba3-17ee10a1a666}@T1                         1489772442
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30ffcc6d-d73b-4ad8-aba3-17ee10a1a666}@T2                         1489804842
Reg     HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30ffcc6d-d73b-4ad8-aba3-17ee10a1a666}@LeaseTerminatesTime        1489815642
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@ImagePath                                                                                 \SystemRoot\System32\drivers\tpm.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@Type                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@Start                                                                                     4
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@ErrorControl                                                                              1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@Group                                                                                     Boot Bus Extender
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@Tag                                                                                       5
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@DisplayName                                                                               @tpm.inf,%TPM%;TPM
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@Description                                                                               @tpm.inf,%TPMDesc%;TPM Driver
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@Owners                                                                                    tpm.inf?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@BootFlags                                                                                 32
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@OsBootCount                                                                               5
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM@DeleteFlag                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\KeyAttestationKeys                                                                        
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\Parameters                                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\Parameters\Wdf                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\Parameters\Wdf@WdfMajorVersion                                                            1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\Parameters\Wdf@WdfMinorVersion                                                            15
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\Parameters\Wdf@TimeOfLastTelemetryLog                                                     0x2F 0x0C 0x0F 0xAD ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\PlatformQuoteKeys                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\PlatformQuoteKeys@Windows AIK                                                             0x50 0x43 0x50 0x4D ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI@UseNullDerivedOwnerAuth                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Admin@OwnerAuthStatus                                                                 0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Admin@LastAuthLevel                                                                   2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Admin@LockoutHash                                                                     /NyeC4QgoJhUvdlDo9hVUWPur5o=
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Admin@StorageOwnerAuth                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement@EndorsementAuth                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement@EkTries                                                                   10
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement@EkRetryLast                                                               0xB0 0xB2 0x14 0x43 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement@EkNoFetch                                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStore                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStore\Certificates                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStore\Certificates\297AE3A6821EADF756BB49ECB064DAD547263D2A         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStore\Certificates\297AE3A6821EADF756BB49ECB064DAD547263D2A@Blob    0x03 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStore\CRLs                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStore\CTLs                                                          
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStoreECC                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStoreECC\Certificates                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStoreECC\CRLs                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\Endorsement\EKCertStoreECC\CTLs                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\HealthCert                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\HealthCert\Store                                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\HealthCert\Store\has.spserv.microsoft.com                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\HealthCert\Store\has.spserv.microsoft.com@GetProtocolOverride                         2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\HealthCert\Store\has.spserv.microsoft.com@NoEkAttestationOverride                     1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM\WMI\HealthCert\Store\has.spserv.microsoft.com@VerifyProtocolOverride                      2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TPM                                                                                           
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller@Start                                                                        2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TrustedInstaller                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\Services\TXEIx64\Parameters\Wdf@TimeOfLastTelemetryLog                                                 0xCE 0x38 0x95 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastTelemetryLog                                                   0x84 0xFE 0x7A 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3@Type                                                                       224
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3@Start                                                                      3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3@ErrorControl                                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3@ImagePath                                                                  C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3@DisplayName                                                                User Data Storage_cfb4a3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3@FailureActions                                                             0x80 0x51 0x01 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3@Description                                                                @%SystemRoot%\system32\UserDataAccessRes.dll,-10002
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3\Security                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3\Security@Security                                                          0x01 0x00 0x04 0x80 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UnistoreSvc_cfb4a3                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastTelemetryLog                                                 0xD8 0x28 0xD7 0xB2 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastTelemetryLog                                                 0x60 0xE8 0xE3 0xAF ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3@Type                                                                       224
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3@Start                                                                      3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3@ErrorControl                                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3@ImagePath                                                                  C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3@DisplayName                                                                User Data Access_cfb4a3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3@FailureActions                                                             0x80 0x51 0x01 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3@Description                                                                @%SystemRoot%\system32\UserDataAccessRes.dll,-14000
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3\Security                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3\Security@Security                                                          0x01 0x00 0x04 0x80 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\UserDataSvc_cfb4a3                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\vwifibus\Parameters\Wdf@TimeOfLastTelemetryLog                                                0x0B 0x26 0xC5 0xB2 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                  0x10 0x25 0x8D 0x96 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                       0x10 0x8D 0x51 0xF8 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                        0x10 0xBD 0xC8 0x34 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@LibraryPath             %SystemRoot%\System32\wshbth.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@DisplayString           Bluetooth Namespace
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@ProviderId              0xE0 0x63 0xAA 0x06 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@SupportedNameSpace      16
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@Enabled                 1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@Version                 0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@StoresServiceClassInfo  0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007@ProviderInfo            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List                                                              10406 10412 10424 10460 10470 10480 10500 10544 10554 10592 10598 10614
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter                                                             10620
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help                                                                10621
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter                                                            10406
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help                                                               10407
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3                                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3@Type                                                                    224
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3@Start                                                                   3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3@ErrorControl                                                            0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3@ImagePath                                                               C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3@DisplayName                                                             Windows Push Notifications User Service_cfb4a3
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3@FailureActions                                                          0x80 0x51 0x01 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3@Description                                                             @%SystemRoot%\system32\WpnUserService.dll,-2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3\Security                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3\Security@Security                                                       0x01 0x00 0x04 0x80 ...
Reg     HKLM\SYSTEM\CurrentControlSet\Services\WpnUserService_cfb4a3                                                                         

---- EOF - GMER 2.2 ----
 



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,058 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:56 PM

Posted 18 March 2017 - 10:27 AM

Greetings Beepboopbop1 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!


Posted 18 March 2017 - 12:31 PM

I am not seeing any malicious software or other issues of concern.

Are you currently experiencing any issues?


Gary
 

#5 Beepboopbop1


Posted 20 March 2017 - 07:57 PM

Sorry for the late reply. My laptop has BSOD and has gone into bootloop. I'm trying to get it to turn on. I'll reply from there in a min the logs before it broke



#6 Beepboopbop1


Posted 20 March 2017 - 08:13 PM

Hey. Thank you for your time. I had to reinstall to factory so I'm hoping that fried whatever was going on. I'll make a new thread if so, again thank you.



#7 Oh My!


Posted 20 March 2017 - 08:14 PM

Thanks for letting me know.

Good luck.
Gary
 

#8 Oh My!


Posted 20 March 2017 - 08:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



