Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Chrome Extensions and trovi.com won't delete - Hidden Malware/Trojan


  • This topic is locked This topic is locked
21 replies to this topic

#1 cmtc

cmtc

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 13 April 2017 - 02:41 PM

Hello!

Noticed large CPU usage resulting in loud noise of new Surface Pro 3.  Noticed lagging, slow internet, and sudden Bluetooth disconnection with my mouse.  Ran malwarebytes, junkware tools etc. often which 98% of the time come back clean.  Adwarecleaner consistently reports chrome extensions and trovi.com extensions even after attempted cleaning.  On top of this Wireshark shows excessive unknown connections and constant listening ports.  This has been going on for a couple of months now, every time I think maybe it's clean the symptoms build up worse again.  I used to have Bitdefender and Kaspersky but trial just ended and I wanted to get this taken care of before I invest into a new antivirus.

 

Very frustrating, I use Illustrator and Photoshop for work constantly and have noticed reduced efficiency even though I have an i7 processor. Help is very much appreciated!!!  

Below is the appropriate logs.  Please note some of the file names have been edited due to their names containing sensitive information in regards to my job.  I edited them to say work sensitive but the rest of the information is accurate. :)  (Actually also edited name related to a website - changed it to SORORITY- instead of the actual sorority name for privacy reasons.)

I also posted the Adwarecleaner log so that you could see the offending extensions.  The ask.com/aol.com it found is new and was not found on previous logs.

Thanks again for helping me solve this constant mystery!!  

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Celeste (administrator) on CMTC (13-04-2017 14:58:37)
Running from C:\Users\Celeste\Desktop
Loaded Profiles: Celeste (Available Profiles: Celeste)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-03-28] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-20] (Apple Inc.)
HKU\S-1-5-21-4258997470-2544957498-1303716156-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKLM\...\Providers\Internet Print Provider: C:\Windows\System32\\inetpp.dll [174592 2016-07-16] (Microsoft Corporation)
HKLM\...\Providers\LanMan Print Services: C:\Windows\System32\\win32spl.dll [834048 2017-03-04] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-04-12]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{faf309c3-b9e9-4330-a3af-6149e326ee50}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4258997470-2544957498-1303716156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
FireFox:
========
FF ProfilePath: C:\Users\Celeste\AppData\Roaming\Mozilla\Firefox\Profiles\OrTg0yqR.default [2017-04-10]
FF Extension: (Avira Browser Safety) - C:\Users\Celeste\AppData\Roaming\Mozilla\Firefox\Profiles\OrTg0yqR.default\Extensions\abs@avira.com [2017-04-10]
FF Extension: (Avira Password Manager) - C:\Users\Celeste\AppData\Roaming\Mozilla\Firefox\Profiles\OrTg0yqR.default\Extensions\passwordmanager@avira.com [2017-04-10]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://SORORITY.tumblr.com/
CHR StartupUrls: Default -> "hxxp://SORORITY/","hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3373D3FF-FC71-40AD-BD46-DEBD2932B039&SearchSource=55&CUI=&UM=6&UP=SPB4AC019A-2371-4EA1-B537-C380D7B548D9&SSPV=","hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Profile: C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default [2017-04-13]
CHR Extension: (Google Slides) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-14]
CHR Extension: (Google Docs) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-14]
CHR Extension: (Google Drive) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-14]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-04-03]
CHR Extension: (YouTube) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-14]
CHR Extension: (Avira Password Manager) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2017-04-10]
CHR Extension: (Avira Safe Shopping) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2017-04-10]
CHR Extension: (OneTab) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-03-14]
CHR Extension: (uBlock Origin) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-04-11]
CHR Extension: (Tampermonkey) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-03-14]
CHR Extension: (Session Buddy) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-03-29]
CHR Extension: (Google Sheets) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-14]
CHR Extension: (EditThisCookie) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-03-14]
CHR Extension: (Google Docs Offline) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-14]
CHR Extension: (Chrometana - Redirect Bing Somewhere Better) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaicbfmipfpfpjmlbpejaoaflfdnabnc [2017-03-14]
CHR Extension: (Google Play) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-03-14]
CHR Extension: (Zapier) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngghlnfmdgnpegcmbpgehkbhkhkbkjpj [2017-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Toggl Button: Productivity & Time Tracker) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2017-04-10]
CHR Extension: (Send to OmniFocus) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohdhaodomnlifoigpfcbjpcegdbefnen [2017-04-11]
CHR Extension: (uBlock Origin Extra) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgdnlhfefecpicbbihgmbmffkjpaplco [2017-04-13]
CHR Extension: (Gmail) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-14]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Stormcrow) - C:\Users\Celeste\AppData\Roaming\Opera Software\Opera Stable\Extensions\clblbeknmgobkgonndomehcjpckopfeh [2017-03-22]
OPR Extension: (360 Internet Protection) - C:\Users\Celeste\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-03-22]
OPR Extension: (HTTPS Everywhere) - C:\Users\Celeste\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2017-04-12]
OPR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Celeste\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2017-03-22]
OPR Extension: (uBlock Origin) - C:\Users\Celeste\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2017-03-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [410800 2017-03-16] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2017-02-09] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2016-01-14] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2017-03-28] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-03-28] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWoW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dpclat_driver; C:\WINDOWS\system32\drivers\dpclat_driver.sys [21232 2017-02-25] (Thesycon GmbH)
S3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [24568 2015-09-19] (Intel Corporation)
S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [99320 2015-09-19] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-04-13] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\System32\drivers\TeeDriverx64.sys [100312 2015-09-19] (Intel Corporation)
R3 mrvlpcie8897; C:\WINDOWS\System32\drivers\mrvlpcie8897.sys [1041408 2016-07-16] (Marvell Semiconductors Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [84960 2017-03-26] (Sysinternals - www.sysinternals.com)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
S3 rspWhySoSlow; C:\WINDOWS\System32\DRIVERS\rspWhy64.sys [28928 2016-12-17] (Resplendence Software Projects Sp.)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [414448 2015-09-19] (Realsil Semiconductor Corporation)
R3 SurfaceAccessoryDevice; C:\WINDOWS\System32\drivers\SurfaceAccessoryDevice.sys [60568 2015-09-19] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\WINDOWS\System32\drivers\SurfaceCapacitiveHomeButton.sys [52864 2015-09-19] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\WINDOWS\System32\drivers\SurfaceDisplayCalibration.sys [50328 2015-09-19] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys [58488 2015-09-19] (Microsoft Corporation)
R0 SurfacePciController; C:\WINDOWS\System32\drivers\SurfacePciController.sys [35440 2015-09-19] (Microsoft Corporation)
R3 SurfacePenDriver; C:\WINDOWS\System32\drivers\SurfacePenDriver.sys [115600 2017-03-07] (Microsoft Corporation)
R3 SurfacePro4TypeCoverIntegration; C:\WINDOWS\System32\drivers\SurfacePro4TypeCoverIntegration.sys [59448 2015-09-19] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\WINDOWS\System32\drivers\SurfaceTypeCover.sys [58896 2015-09-19] (Microsoft Corporation)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (The OpenVPN Project) [File not signed]
R3 TrueColor; C:\WINDOWS\system32\DRIVERS\TrueColor.sys [44664 2015-09-19] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-03-26] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-22] (Zemana Ltd.)
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-13 14:58 - 2017-04-13 14:58 - 00016562 _____ C:\Users\Celeste\Desktop\FRST.txt
2017-04-13 14:57 - 2017-04-13 14:57 - 02424832 _____ (Farbar) C:\Users\Celeste\Desktop\FRST64.exe
2017-04-13 14:28 - 2017-04-13 14:28 - 00003851 _____ C:\Users\Celeste\Desktop\SearchReg.txt
2017-04-13 14:21 - 2017-04-13 14:58 - 00000000 ____D C:\FRST
2017-04-13 13:57 - 2017-04-13 13:57 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2094579F.sys
2017-04-13 13:54 - 2017-04-13 13:57 - 00000000 ____D C:\AdwCleaner
2017-04-13 13:53 - 2017-04-13 13:54 - 00000000 ____D C:\Users\Celeste\Desktop\ip net info
2017-04-13 13:53 - 2017-04-13 13:53 - 00000000 ____D C:\Users\Celeste\Desktop\TCP View
2017-04-13 13:52 - 2017-04-13 13:52 - 39560124 _____ C:\Users\Celeste\Documents\Hellohello.pcapng
2017-04-12 23:19 - 2017-04-12 23:19 - 00002932 _____ C:\Users\Celeste\Documents\mcast.pcapng
2017-04-12 23:00 - 2017-04-12 23:00 - 00001834 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-04-12 23:00 - 2017-04-12 23:00 - 00001573 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-04-12 16:39 - 2017-04-12 16:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign813365a7ed1fa3d8
2017-04-12 16:39 - 2017-04-12 16:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2f482bff312cc6da
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf6cacc12dc3b2f49
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign158ef70d1662155c
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign088fcd6d5998d451
2017-04-12 11:16 - 2017-04-12 11:16 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-04-12 11:16 - 2017-04-12 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-12 11:15 - 2017-04-12 11:16 - 00000000 ____D C:\Program Files\iTunes
2017-04-12 11:15 - 2017-04-12 11:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2017-04-12 11:15 - 2017-04-12 11:15 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2017-04-12 11:15 - 2017-04-12 11:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2017-04-12 11:15 - 2017-04-12 11:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2017-04-12 11:15 - 2017-04-12 11:15 - 00000000 ____D C:\Program Files\iPod
2017-04-12 11:14 - 2017-04-12 11:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-04-12 11:14 - 2017-04-12 11:14 - 00000000 ____D C:\Users\Default\AppData\Local\Apple
2017-04-12 11:14 - 2017-04-12 11:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple
2017-04-12 11:14 - 2017-04-12 11:14 - 00000000 ____D C:\Program Files\Bonjour
2017-04-12 11:14 - 2017-04-12 11:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-04-12 11:14 - 2017-04-12 11:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-04-12 11:09 - 2017-04-12 11:09 - 00001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-04-12 11:09 - 2017-04-12 11:09 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-04-12 09:22 - 2017-04-12 09:22 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\412036EF.sys
2017-04-12 09:06 - 2017-04-12 09:06 - 00034917 _____ C:\Users\Celeste\Downloads\MTB.txt
2017-04-12 09:01 - 2017-04-12 09:01 - 00000000 ____D C:\Users\Celeste\Documents\Screencast-O-Matic
2017-04-11 23:32 - 2017-04-11 23:32 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-04-11 23:17 - 2017-03-28 03:10 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-04-11 23:17 - 2017-03-28 03:10 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 23:17 - 2017-03-28 02:32 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2017-04-11 23:17 - 2017-03-28 02:29 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-04-11 23:17 - 2017-03-28 02:28 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-04-11 23:17 - 2017-03-28 02:26 - 00218520 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2017-04-11 23:17 - 2017-03-28 02:21 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-04-11 23:17 - 2017-03-28 02:20 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-04-11 23:17 - 2017-03-28 02:19 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-04-11 23:17 - 2017-03-28 02:18 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-04-11 23:17 - 2017-03-28 02:15 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-04-11 23:17 - 2017-03-28 02:11 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-04-11 23:17 - 2017-03-28 02:11 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-04-11 23:17 - 2017-03-28 02:10 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-04-11 23:17 - 2017-03-28 02:10 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-04-11 23:17 - 2017-03-28 02:09 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.CredentialPicker.dll
2017-04-11 23:17 - 2017-03-28 02:07 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-04-11 23:17 - 2017-03-28 02:06 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 22221368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 08168512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 01848584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-04-11 23:17 - 2017-03-28 02:05 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-04-11 23:17 - 2017-03-28 02:04 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-04-11 23:17 - 2017-03-28 02:04 - 02262776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-11 23:17 - 2017-03-28 02:04 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-04-11 23:17 - 2017-03-28 02:04 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-04-11 23:17 - 2017-03-28 02:04 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-04-11 23:17 - 2017-03-28 02:04 - 00277344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-04-11 23:17 - 2017-03-28 02:04 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-04-11 23:17 - 2017-03-28 02:04 - 00116568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-04-11 23:17 - 2017-03-28 02:02 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-04-11 23:17 - 2017-03-28 02:02 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-04-11 23:17 - 2017-03-28 02:02 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-04-11 23:17 - 2017-03-28 01:59 - 06667520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 23:17 - 2017-03-28 01:59 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-04-11 23:17 - 2017-03-28 01:59 - 02533728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-04-11 23:17 - 2017-03-28 01:58 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 01851688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 01344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 00961192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 23:17 - 2017-03-28 01:58 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-11 23:17 - 2017-03-28 01:53 - 01414728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-11 23:17 - 2017-03-28 01:53 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 23:17 - 2017-03-28 01:52 - 00306800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2017-04-11 23:17 - 2017-03-28 01:48 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-04-11 23:17 - 2017-03-28 01:42 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 23:17 - 2017-03-28 01:42 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-04-11 23:17 - 2017-03-28 01:41 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-04-11 23:17 - 2017-03-28 01:41 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-04-11 23:17 - 2017-03-28 01:41 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-04-11 23:17 - 2017-03-28 01:41 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-11 23:17 - 2017-03-28 01:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-04-11 23:17 - 2017-03-28 01:40 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2017-04-11 23:17 - 2017-03-28 01:40 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 23:17 - 2017-03-28 01:39 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-04-11 23:17 - 2017-03-28 01:39 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-04-11 23:17 - 2017-03-28 01:38 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-04-11 23:17 - 2017-03-28 01:38 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 23:17 - 2017-03-28 01:38 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-04-11 23:17 - 2017-03-28 01:37 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-04-11 23:17 - 2017-03-28 01:37 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apds.dll
2017-04-11 23:17 - 2017-03-28 01:37 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-04-11 23:17 - 2017-03-28 01:37 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-04-11 23:17 - 2017-03-28 01:37 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2017-04-11 23:17 - 2017-03-28 01:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.SystemManagement.dll
2017-04-11 23:17 - 2017-03-28 01:37 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-11 23:17 - 2017-03-28 01:37 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 23:17 - 2017-03-28 01:36 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsecsnp.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2017-04-11 23:17 - 2017-03-28 01:36 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicDisplay.sys
2017-04-11 23:17 - 2017-03-28 01:35 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-04-11 23:17 - 2017-03-28 01:35 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-04-11 23:17 - 2017-03-28 01:35 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-11 23:17 - 2017-03-28 01:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-04-11 23:17 - 2017-03-28 01:35 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-04-11 23:17 - 2017-03-28 01:35 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2017-04-11 23:17 - 2017-03-28 01:34 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-04-11 23:17 - 2017-03-28 01:34 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-04-11 23:17 - 2017-03-28 01:34 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-04-11 23:17 - 2017-03-28 01:34 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-04-11 23:17 - 2017-03-28 01:34 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-04-11 23:17 - 2017-03-28 01:34 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ipsmsnap.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-04-11 23:17 - 2017-03-28 01:33 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-11 23:17 - 2017-03-28 01:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-04-11 23:17 - 2017-03-28 01:32 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-04-11 23:17 - 2017-03-28 01:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-11 23:17 - 2017-03-28 01:30 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-04-11 23:17 - 2017-03-28 01:30 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-04-11 23:17 - 2017-03-28 01:30 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-04-11 23:17 - 2017-03-28 01:30 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sbe.dll
2017-04-11 23:17 - 2017-03-28 01:30 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-11 23:17 - 2017-03-28 01:30 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-04-11 23:17 - 2017-03-28 01:30 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-11 23:17 - 2017-03-28 01:29 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-04-11 23:17 - 2017-03-28 01:29 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-04-11 23:17 - 2017-03-28 01:28 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-04-11 23:17 - 2017-03-28 01:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-04-11 23:17 - 2017-03-28 01:27 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-04-11 23:17 - 2017-03-28 01:27 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2017-04-11 23:17 - 2017-03-28 01:27 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-04-11 23:17 - 2017-03-28 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-04-11 23:17 - 2017-03-28 01:26 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-04-11 23:17 - 2017-03-28 01:26 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-04-11 23:17 - 2017-03-28 01:26 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2017-04-11 23:17 - 2017-03-28 01:26 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-11 23:17 - 2017-03-28 01:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2017-04-11 23:17 - 2017-03-28 01:26 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-04-11 23:17 - 2017-03-28 01:26 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-04-11 23:17 - 2017-03-28 01:25 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-04-11 23:17 - 2017-03-28 01:25 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2017-04-11 23:17 - 2017-03-28 01:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-04-11 23:17 - 2017-03-28 01:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-04-11 23:17 - 2017-03-28 01:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-04-11 23:17 - 2017-03-28 01:24 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-04-11 23:17 - 2017-03-28 01:24 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-04-11 23:17 - 2017-03-28 01:24 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2017-04-11 23:17 - 2017-03-28 01:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-04-11 23:17 - 2017-03-28 01:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-04-11 23:17 - 2017-03-28 01:23 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-11 23:17 - 2017-03-28 01:23 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-11 23:17 - 2017-03-28 01:23 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-04-11 23:17 - 2017-03-28 01:23 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2017-04-11 23:17 - 2017-03-28 01:22 - 00516096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2017-04-11 23:17 - 2017-03-28 01:22 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-04-11 23:17 - 2017-03-28 01:22 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2017-04-11 23:17 - 2017-03-28 01:22 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2017-04-11 23:17 - 2017-03-28 01:21 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 23:17 - 2017-03-28 01:21 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-04-11 23:17 - 2017-03-28 01:21 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-04-11 23:17 - 2017-03-28 01:21 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-04-11 23:17 - 2017-03-28 01:21 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-04-11 23:17 - 2017-03-28 01:20 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-04-11 23:17 - 2017-03-28 01:20 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-04-11 23:17 - 2017-03-28 01:20 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 23:17 - 2017-03-28 01:19 - 07655424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-04-11 23:17 - 2017-03-28 01:19 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-11 23:17 - 2017-03-28 01:19 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2017-04-11 23:17 - 2017-03-28 01:19 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-11 23:17 - 2017-03-28 01:19 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-04-11 23:17 - 2017-03-28 01:19 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-04-11 23:17 - 2017-03-28 01:19 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-04-11 23:17 - 2017-03-28 01:18 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-11 23:17 - 2017-03-28 01:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-11 23:17 - 2017-03-28 01:18 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-04-11 23:17 - 2017-03-28 01:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-04-11 23:17 - 2017-03-28 01:17 - 06109696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-04-11 23:17 - 2017-03-28 01:17 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-04-11 23:17 - 2017-03-28 01:17 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-04-11 23:17 - 2017-03-28 01:17 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-11 23:17 - 2017-03-28 01:16 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2017-04-11 23:17 - 2017-03-28 01:16 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-04-11 23:17 - 2017-03-28 01:16 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-04-11 23:17 - 2017-03-28 01:16 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-04-11 23:17 - 2017-03-28 01:15 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-04-11 23:17 - 2017-03-28 01:15 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-04-11 23:17 - 2017-03-28 01:15 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-04-11 23:17 - 2017-03-28 01:14 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-04-11 23:17 - 2017-03-28 01:14 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-04-11 23:17 - 2017-03-28 01:13 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-04-11 23:17 - 2017-03-28 01:13 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-04-11 23:17 - 2017-03-28 01:13 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-04-11 23:17 - 2017-03-28 01:13 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-04-11 23:17 - 2017-03-28 01:13 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-04-11 23:17 - 2017-03-28 01:13 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-04-11 23:17 - 2017-03-28 01:13 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-04-11 23:17 - 2017-03-28 01:13 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2017-04-11 23:17 - 2017-03-28 01:12 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-04-11 23:17 - 2017-03-28 01:11 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-11 23:17 - 2017-03-28 01:11 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-04-11 23:17 - 2017-03-28 01:11 - 01981440 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-04-11 23:17 - 2017-03-28 01:11 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-11 23:17 - 2017-03-28 01:11 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-04-11 23:17 - 2017-03-28 01:11 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-04-11 23:17 - 2017-03-28 01:11 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-04-11 23:17 - 2017-03-28 01:11 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-04-11 23:17 - 2017-03-28 01:10 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-04-11 23:17 - 2017-03-28 01:10 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-11 23:17 - 2017-03-28 01:10 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-04-11 23:17 - 2017-03-28 01:10 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-04-11 23:17 - 2017-03-28 01:10 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-04-11 23:17 - 2017-03-28 01:10 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-04-11 23:17 - 2017-03-28 01:09 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-04-11 23:17 - 2017-03-28 01:09 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-04-11 23:17 - 2017-03-28 01:09 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-04-11 23:17 - 2017-03-28 01:09 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-04-11 23:17 - 2017-03-28 01:08 - 01564160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 23:17 - 2017-03-28 01:08 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-04-11 23:17 - 2017-03-28 01:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RADCUI.dll
2017-04-11 23:17 - 2017-03-28 01:06 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-04-11 23:17 - 2017-03-28 01:04 - 00119808 ____R (Microsoft Corporation) C:\WINDOWS\system32\SecureAssessmentHandlers.dll
2017-04-11 23:17 - 2017-03-28 00:48 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-04-11 23:16 - 2017-03-28 02:36 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-04-11 23:16 - 2017-03-28 02:36 - 01294688 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-04-11 23:16 - 2017-03-28 02:36 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-04-11 23:16 - 2017-03-28 02:36 - 00343904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-04-11 23:16 - 2017-03-28 02:36 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-04-11 23:16 - 2017-03-28 02:35 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 23:16 - 2017-03-28 02:28 - 07786336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-11 23:16 - 2017-03-28 02:26 - 00754528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-04-11 23:16 - 2017-03-28 02:26 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-04-11 23:16 - 2017-03-28 02:26 - 00573280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-04-11 23:16 - 2017-03-28 02:22 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-04-11 23:16 - 2017-03-28 02:20 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-04-11 23:16 - 2017-03-28 02:12 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-04-11 23:16 - 2017-03-28 02:11 - 02187616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 23:16 - 2017-03-28 02:11 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 23:16 - 2017-03-28 02:11 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 23:16 - 2017-03-28 02:10 - 02758648 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-11 23:16 - 2017-03-28 02:10 - 01157008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-04-11 23:16 - 2017-03-28 02:10 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-04-11 23:16 - 2017-03-28 02:10 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-04-11 23:16 - 2017-03-28 02:09 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-04-11 23:16 - 2017-03-28 02:09 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-04-11 23:16 - 2017-03-28 02:09 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-04-11 23:16 - 2017-03-28 02:08 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-04-11 23:16 - 2017-03-28 02:08 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-11 23:16 - 2017-03-28 02:08 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-11 23:16 - 2017-03-28 02:04 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-04-11 23:16 - 2017-03-28 02:04 - 01276760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 23:16 - 2017-03-28 02:04 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-04-11 23:16 - 2017-03-28 02:04 - 00160088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-04-11 23:16 - 2017-03-28 02:00 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-11 23:16 - 2017-03-28 02:00 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 23:16 - 2017-03-28 01:58 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-04-11 23:16 - 2017-03-28 01:44 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-04-11 23:16 - 2017-03-28 01:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-04-11 23:16 - 2017-03-28 01:38 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-04-11 23:16 - 2017-03-28 01:37 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 23:16 - 2017-03-28 01:37 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2017-04-11 23:16 - 2017-03-28 01:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-11 23:16 - 2017-03-28 01:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-04-11 23:16 - 2017-03-28 01:36 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 23:16 - 2017-03-28 01:36 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-11 23:16 - 2017-03-28 01:35 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-04-11 23:16 - 2017-03-28 01:35 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-04-11 23:16 - 2017-03-28 01:35 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.SystemManagement.dll
2017-04-11 23:16 - 2017-03-28 01:35 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-04-11 23:16 - 2017-03-28 01:34 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-04-11 23:16 - 2017-03-28 01:34 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-04-11 23:16 - 2017-03-28 01:34 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-04-11 23:16 - 2017-03-28 01:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-04-11 23:16 - 2017-03-28 01:33 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-11 23:16 - 2017-03-28 01:33 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-04-11 23:16 - 2017-03-28 01:33 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-04-11 23:16 - 2017-03-28 01:33 - 00182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceDirectoryClient.dll
2017-04-11 23:16 - 2017-03-28 01:33 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-04-11 23:16 - 2017-03-28 01:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-04-11 23:16 - 2017-03-28 01:33 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2017-04-11 23:16 - 2017-03-28 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-04-11 23:16 - 2017-03-28 01:32 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-04-11 23:16 - 2017-03-28 01:32 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 23:16 - 2017-03-28 01:32 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-11 23:16 - 2017-03-28 01:31 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2017-04-11 23:16 - 2017-03-28 01:31 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2017-04-11 23:16 - 2017-03-28 01:30 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-04-11 23:16 - 2017-03-28 01:29 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-11 23:16 - 2017-03-28 01:28 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-11 23:16 - 2017-03-28 01:28 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-11 23:16 - 2017-03-28 01:28 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-04-11 23:16 - 2017-03-28 01:28 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-04-11 23:16 - 2017-03-28 01:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-11 23:16 - 2017-03-28 01:28 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-04-11 23:16 - 2017-03-28 01:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-04-11 23:16 - 2017-03-28 01:27 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-04-11 23:16 - 2017-03-28 01:27 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-04-11 23:16 - 2017-03-28 01:27 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-04-11 23:16 - 2017-03-28 01:27 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-04-11 23:16 - 2017-03-28 01:27 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-04-11 23:16 - 2017-03-28 01:26 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-04-11 23:16 - 2017-03-28 01:26 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-04-11 23:16 - 2017-03-28 01:25 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 23:16 - 2017-03-28 01:25 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-11 23:16 - 2017-03-28 01:25 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2017-04-11 23:16 - 2017-03-28 01:25 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-04-11 23:16 - 2017-03-28 01:25 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-11 23:16 - 2017-03-28 01:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-11 23:16 - 2017-03-28 01:24 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 23:16 - 2017-03-28 01:24 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-04-11 23:16 - 2017-03-28 01:23 - 09130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-11 23:16 - 2017-03-28 01:23 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-04-11 23:16 - 2017-03-28 01:23 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-11 23:16 - 2017-03-28 01:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-04-11 23:16 - 2017-03-28 01:21 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-04-11 23:16 - 2017-03-28 01:21 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2017-04-11 23:16 - 2017-03-28 01:20 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-04-11 23:16 - 2017-03-28 01:20 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 23:16 - 2017-03-28 01:19 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-04-11 23:16 - 2017-03-28 01:19 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-04-11 23:16 - 2017-03-28 01:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2017-04-11 23:16 - 2017-03-28 01:18 - 12181504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 23:16 - 2017-03-28 01:17 - 13087232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 23:16 - 2017-03-28 01:17 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2017-04-11 23:16 - 2017-03-28 01:17 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-11 23:16 - 2017-03-28 01:17 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-04-11 23:16 - 2017-03-28 01:16 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-04-11 23:16 - 2017-03-28 01:16 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-04-11 23:16 - 2017-03-28 01:15 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2017-04-11 23:16 - 2017-03-28 01:15 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-11 23:16 - 2017-03-28 01:15 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-04-11 23:16 - 2017-03-28 01:15 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-04-11 23:16 - 2017-03-28 01:15 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-04-11 23:16 - 2017-03-28 01:15 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-04-11 23:16 - 2017-03-28 01:14 - 08126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 23:16 - 2017-03-28 01:14 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-11 23:16 - 2017-03-28 01:14 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-04-11 23:16 - 2017-03-28 01:14 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-04-11 23:16 - 2017-03-28 01:14 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-04-11 23:16 - 2017-03-28 01:14 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-04-11 23:16 - 2017-03-28 01:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-04-11 23:16 - 2017-03-28 01:14 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 23:16 - 2017-03-28 01:13 - 06045184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 23:16 - 2017-03-28 01:13 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-11 23:16 - 2017-03-28 01:13 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-11 23:16 - 2017-03-28 01:13 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-11 23:16 - 2017-03-28 01:13 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-04-11 23:16 - 2017-03-28 01:13 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-11 23:16 - 2017-03-28 01:13 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-11 23:16 - 2017-03-28 01:13 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-04-11 23:16 - 2017-03-28 01:12 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-04-11 23:16 - 2017-03-28 01:12 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-04-11 23:16 - 2017-03-28 01:12 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-11 23:16 - 2017-03-28 01:12 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-11 23:16 - 2017-03-28 01:12 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-04-11 23:16 - 2017-03-28 01:11 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-04-11 23:16 - 2017-03-28 01:11 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-04-11 23:16 - 2017-03-28 01:10 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-11 23:16 - 2017-03-28 01:10 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-11 23:16 - 2017-03-28 01:10 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-11 23:16 - 2017-03-28 01:10 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-04-11 23:16 - 2017-03-28 01:10 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-11 23:16 - 2017-03-28 01:10 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-04-11 23:16 - 2017-03-28 01:10 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-04-11 23:16 - 2017-03-28 01:09 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-11 23:16 - 2017-03-28 01:09 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-04-11 23:16 - 2017-03-28 01:09 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-11 23:16 - 2017-03-28 01:09 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-04-11 23:16 - 2017-03-28 01:08 - 03612672 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 23:16 - 2017-03-28 01:08 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-04-11 23:16 - 2017-03-28 01:08 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-11 23:16 - 2017-03-28 01:08 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2017-04-11 23:16 - 2017-03-28 01:07 - 00908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-04-11 23:16 - 2017-03-28 01:07 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-04-11 23:16 - 2017-03-28 01:07 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2017-04-11 23:16 - 2017-03-28 01:06 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-11 23:16 - 2017-03-28 01:06 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-04-11 23:16 - 2017-03-28 01:05 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 23:16 - 2017-03-18 12:50 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-11 23:16 - 2017-03-18 12:35 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-10 17:49 - 2017-04-10 17:49 - 00000000 ____D C:\Users\Celeste\AppData\Local\AviraSpeedup
2017-04-10 17:34 - 2017-04-10 17:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-04-10 17:30 - 2017-04-10 17:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Avira
2017-04-10 17:30 - 2017-04-10 17:30 - 00000000 ____D C:\Users\Celeste\AppData\Roaming\Mozilla
2017-04-10 17:28 - 2017-04-13 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-10 17:28 - 2017-04-13 14:05 - 00000000 ____D C:\ProgramData\Avira
2017-04-10 13:52 - 2017-04-10 13:52 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign137f76bc548d9e77
2017-04-10 12:27 - 2017-04-10 12:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign42d0dff6f01a8126
2017-04-10 12:22 - 2017-04-10 12:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign92ec9e8ee13824a2
2017-04-10 11:47 - 2017-04-10 11:47 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne1a4fcb65cb91639
2017-04-10 11:39 - 2017-04-10 11:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc413fb64a1acb062
2017-04-10 11:39 - 2017-04-10 11:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8915c8b3b6df68e3
2017-04-10 09:53 - 2017-04-10 09:53 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna9205856cf9c951b
2017-04-10 09:45 - 2017-04-10 09:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigneafc3bad522aea8e
2017-04-10 09:45 - 2017-04-10 09:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndea732882f0a9172
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign87914161251a393c
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign86724d33b0c989e6
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign38590b2853d24b4a
2017-04-07 17:23 - 2017-04-07 17:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5bc1ce468d5f9e16
2017-04-07 17:22 - 2017-04-07 17:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign996102c4405d6efa
2017-04-07 17:22 - 2017-04-07 17:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign028bea1a09395d64
2017-04-07 16:38 - 2017-04-07 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2ea1c47f7d66bee
2017-04-07 16:38 - 2017-04-07 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2e93a85d42b77c86
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign873032e641fc00a0
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7907c1fcefbed611
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6d8e5d118c21e0bf
2017-04-06 20:12 - 2017-04-06 20:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf260fa9dfe26dc0a
2017-04-06 20:12 - 2017-04-06 20:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd10a2ed6d91efa2e
2017-04-06 20:11 - 2017-04-06 20:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3c1da7cc44386847
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne48c042b54ae271a
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign88d4f49c71346fec
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign247ad35163c1855e
2017-04-05 21:09 - 2017-04-05 21:09 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3ba72e556039493f
2017-04-05 21:04 - 2017-04-05 21:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna3320b26733a5e77
2017-04-04 14:38 - 2017-04-04 14:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign60c2f859313fd47f
2017-04-04 14:38 - 2017-04-04 14:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1956e173a4f9da71
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignfb5da4b00e9b007e
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8f3753d9dffe9755
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1bf2e82e4b7a8f4e
2017-04-04 14:36 - 2017-04-04 14:36 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1744ee882e8fcff0
2017-04-04 12:35 - 2017-04-04 12:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc0fec8449e2dd5c2
2017-04-04 12:33 - 2017-04-04 12:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2470f7d936a1164
2017-04-04 12:33 - 2017-04-04 12:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7dd71e537b5486fb
2017-04-03 13:29 - 2017-04-03 13:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne27e5a6a00a38f7c
2017-04-03 13:28 - 2017-04-03 13:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndd82a62442e759ca
2017-04-03 13:28 - 2017-04-03 13:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign97879d78e0527b9f
2017-04-03 13:27 - 2017-04-03 13:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign984487deaec3ae1d
2017-04-03 13:27 - 2017-04-03 13:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign21cb87ddc503f07e
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign74fddd78d322fdbc
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign41bada228055a929
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign19dc1e9124767e17
2017-04-03 12:31 - 2017-04-13 14:02 - 59677696 _____ C:\Users\Celeste\AppData\Local\SageThumbs.db3
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9ea6ae69f5b1ef1e
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign61947d31566f4d92
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4b6273a2c89f46e4
2017-04-03 12:18 - 2017-04-03 12:19 - 02099319 _____ C:\Users\Celeste\Downloads\intro.zip
2017-04-03 12:17 - 2017-04-03 12:17 - 01215743 _____ C:\Users\Celeste\Downloads\open-sans.zip
2017-04-03 12:17 - 2017-04-03 12:17 - 00088173 _____ C:\Users\Celeste\Downloads\paragon.zip
2017-04-03 12:17 - 2017-04-03 12:17 - 00088173 _____ C:\Users\Celeste\Downloads\paragon (1).zip
2017-04-03 12:17 - 2017-04-03 12:17 - 00059574 _____ C:\Users\Celeste\Downloads\london_between.zip
2017-04-03 12:16 - 2017-04-03 12:16 - 00310716 _____ C:\Users\Celeste\Downloads\muro.zip
2017-04-03 12:16 - 2017-04-03 12:16 - 00013571 _____ C:\Users\Celeste\Downloads\elegantech.zip
2017-04-03 12:16 - 2017-04-03 12:16 - 00013571 _____ C:\Users\Celeste\Downloads\elegantech (1).zip
2017-04-03 12:15 - 2017-04-03 12:15 - 00030731 _____ C:\Users\Celeste\Downloads\pacifico.zip
2017-04-03 12:15 - 2017-04-03 12:15 - 00017737 _____ C:\Users\Celeste\Downloads\goblin.zip
2017-04-03 12:14 - 2017-04-03 12:14 - 00031772 _____ C:\Users\Celeste\Downloads\grand-hotel.zip
2017-04-03 12:12 - 2017-04-03 12:12 - 00056422 _____ C:\Users\Celeste\Downloads\old_sans_black.zip
2017-04-03 12:12 - 2017-04-03 12:12 - 00045383 _____ C:\Users\Celeste\Downloads\sansblack.zip
2017-04-03 12:11 - 2017-04-03 12:11 - 01542745 _____ C:\Users\Celeste\Downloads\gross.zip
2017-04-03 12:10 - 2017-04-03 12:10 - 01501372 _____ C:\Users\Celeste\Downloads\roboto.zip
2017-04-03 12:10 - 2017-04-03 12:10 - 00133403 _____ C:\Users\Celeste\Downloads\neuton.zip
2017-03-31 20:41 - 2017-03-31 20:41 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign38d324d8982e3f8c
2017-03-31 20:18 - 2017-03-31 20:18 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndf50b0379769b619
2017-03-31 20:18 - 2017-03-31 20:18 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd04f2bdaacf278ea
2017-03-31 20:16 - 2017-03-31 20:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncee7589a31709333
2017-03-31 20:16 - 2017-03-31 20:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbd2cccf27f3eae28
2017-03-31 20:04 - 2017-03-31 20:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1bda3497101d67c0
2017-03-31 20:04 - 2017-03-31 20:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0c94d8c85fc999d3
2017-03-31 14:01 - 2017-03-31 14:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2d3e99a9eef64df2
2017-03-31 13:24 - 2017-03-31 13:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign775e35da2fb5b6e2
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne600d025232d8003
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c8c7c1db06e1411
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign461488dc6747fd15
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4028f88b6d97f8ec
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna3f4fa90b4a0efb2
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign67dc696372b5b4d1
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ebb744283df2d01
2017-03-30 20:01 - 2017-03-30 20:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign50b828539a2a8ad6
2017-03-30 14:26 - 2017-03-30 14:26 - 00007188 _____ C:\Users\Celeste\Downloads\WORKSENSITIVE.rar
2017-03-30 14:02 - 2017-03-30 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign05ebe4dc32fa69d0
2017-03-30 13:45 - 2017-03-30 13:46 - 69109159 _____ C:\Users\Celeste\Downloads\WORKSENSITIVE.rar
2017-03-30 13:34 - 2017-03-30 13:34 - 00004518 _____ C:\Users\Celeste\Downloads\WORKSENSITIVE.rar
2017-03-30 12:28 - 2017-03-30 12:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf16d9f457ea75668
2017-03-30 12:11 - 2017-03-30 12:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign481b9c7fc3aa2770
2017-03-30 12:11 - 2017-03-30 12:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1b165c5ee62643ef
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignfed6837d49ca69ec
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignda27417d1f54df65
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign81d9fd5722e4176e
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign74d5a79c0864e41d
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5b518cbcd849e279
2017-03-29 10:43 - 2017-03-29 10:43 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7e2c1bd3de259ffa
2017-03-29 10:05 - 2017-03-29 10:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncc4a43cb9b0d1650
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne307521f42998ea7
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc782fe53a4e64867
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign582b53e0d9913cfd
2017-03-29 09:23 - 2017-03-29 09:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign77fd9f2ddea676f8
2017-03-29 09:23 - 2017-03-29 09:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign37e1886a0f551013
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc623ad7612d12c1a
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0f262a267d8afc64
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign039cf8aca6caa2a9
2017-03-28 16:28 - 2017-03-28 16:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign619c6623e8e2c0db
2017-03-28 16:24 - 2017-03-28 16:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna360dae61b28023e
2017-03-28 16:24 - 2017-03-28 16:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign26f664604e7d3262
2017-03-28 16:12 - 2017-03-28 16:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc6ee1d7c4c84c994
2017-03-28 16:12 - 2017-03-28 16:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign58d6bd03641358a0
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc1c61e840c87cc42
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8a7b1054c7b4ffe5
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7481d1f5626fde38
2017-03-28 15:45 - 2017-03-28 15:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign84ed8529bec13c11
2017-03-28 15:32 - 2017-03-28 15:32 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna7ca8f2d6ec00c61
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna6777431be22c432
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign65cd7af392c8ac7a
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign477a4ab38bff624a
2017-03-28 11:42 - 2017-03-28 11:42 - 00000220 _____ C:\Users\Celeste\Documents\ok.txt
2017-03-28 10:43 - 2017-04-13 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\ESET
2017-03-27 08:44 - 2017-03-27 08:44 - 00056616 _____ C:\WINDOWS\system32\cert.p7b
2017-03-26 19:15 - 2017-03-16 00:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2017-03-26 19:15 - 2017-03-16 00:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2017-03-26 19:06 - 2017-04-12 10:49 - 00001341 _____ C:\DelFix.txt
2017-03-26 19:06 - 2017-03-26 19:06 - 00000000 ____D C:\WINDOWS\ERUNT
2017-03-26 16:04 - 2017-03-26 16:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2db2cbfb53040b99
2017-03-26 16:04 - 2017-03-26 16:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0c46335e157081a1
2017-03-25 22:31 - 2017-04-12 16:30 - 00001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-03-25 22:31 - 2017-04-12 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf49927039ac5c1e4
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf2c1a9319454c3d4
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna8eeb7c40f81c43b
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4b186da34aedca7f
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign125eb44a7e732d80
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc2e28877206dcc55
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbbd6701236d5f69f
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign819aabdb35d5397e
2017-03-24 21:08 - 2013-07-16 16:00 - 00000000 ____D C:\Users\Celeste\Documents\__MACOSX
2017-03-24 21:08 - 2013-06-20 17:34 - 00923334 _____ C:\Users\Celeste\Documents\6_x_4_Die_Cut_Stickers.ai
2017-03-24 21:08 - 2013-06-20 17:32 - 00918948 _____ C:\Users\Celeste\Documents\5_x_3_Die_Cut_Stickers.ai
2017-03-24 21:08 - 2013-06-20 16:50 - 00928016 _____ C:\Users\Celeste\Documents\6_x_6_Die_Cut_Stickers.ai
2017-03-24 21:08 - 2013-06-20 16:50 - 00926321 _____ C:\Users\Celeste\Documents\7_x_7_Die_Cut_Stickers.ai
2017-03-24 21:08 - 2013-06-20 16:49 - 00926977 _____ C:\Users\Celeste\Documents\5_x_5_Die_Cut_Stickers.ai
2017-03-24 21:08 - 2013-06-20 16:49 - 00922274 _____ C:\Users\Celeste\Documents\4_x_4_Die_Cut_Stickers.ai
2017-03-24 21:08 - 2013-06-20 16:48 - 00918487 _____ C:\Users\Celeste\Documents\3_x_3_Die_Cut_Stickers.ai
2017-03-24 21:08 - 2013-06-20 16:48 - 00914440 _____ C:\Users\Celeste\Documents\2_x_2_Die_Cut_Stickers.ai
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign89993517d5e8575e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign646d7d943a816c4e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3c4b2eec6c49f3a8
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2e300beb256c3a1b
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign05696fc65083f1f9
2017-03-24 14:47 - 2017-03-24 14:47 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign098a755583eb0616
2017-03-24 14:02 - 2017-03-24 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign685365c44f315871
2017-03-24 13:51 - 2017-03-24 13:51 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne1794e6e1517aa08
2017-03-24 13:51 - 2017-03-24 13:51 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6fa7f3ff7793c375
2017-03-24 13:48 - 2017-03-24 13:48 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7de2e091ffadcd60
2017-03-24 13:48 - 2017-03-24 13:48 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign79421310a58e5760
2017-03-24 03:31 - 2017-03-24 03:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigned20bae9be516597
2017-03-24 03:31 - 2017-03-24 03:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign41b0bcc2632b4b2f
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne5f08ab27c64aa71
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbf23c6d29b67927c
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb841be77f1d7cf8a
2017-03-23 19:37 - 2017-03-23 19:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbb68401c809dd4bc
2017-03-23 19:33 - 2017-03-23 19:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc16f620ffa08cc29
2017-03-23 19:32 - 2017-03-23 19:32 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3fae703febb710e5
2017-03-23 19:07 - 2017-03-23 19:07 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne7738706fe0f88c7
2017-03-23 19:06 - 2017-03-23 19:06 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndc039b3efa7f8e6f
2017-03-23 19:06 - 2017-03-23 19:06 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd868fe7958a2ef23
2017-03-23 18:59 - 2017-03-23 18:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign09164536a6b6ce69
2017-03-23 18:58 - 2017-03-23 18:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign79e64212b13bb343
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb82c23a297e38f1b
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna70c8ed933c9fc0a
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0452ba66cdfa4174
2017-03-22 20:19 - 2017-03-22 20:50 - 506890812 _____ C:\Users\Celeste\Downloads\WORKSENSITIVE.rar
2017-03-22 14:23 - 2017-03-22 14:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2339436e0101fba
2017-03-22 14:23 - 2017-03-22 14:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6f4beace4f784d42
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd7635daacc079974
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c888474eb4be0d8
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1e629303ecd15118
2017-03-22 13:59 - 2017-03-22 13:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncb4b72a6fc3a0774
2017-03-22 13:59 - 2017-03-22 13:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb52caa477daf6c07
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignce8a652f09e5db02
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign82e1e909df7196e0
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4f1d4e7bb892b8ea
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne558eefdc56dacb1
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc934afc475956ef1
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6a4040bdb1e21b77
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1b29b84ab46c3e0c
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign08138759ddcf97fa
2017-03-22 13:36 - 2017-04-13 12:16 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-22 13:36 - 2017-03-22 13:36 - 00003942 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1490204181
2017-03-22 13:36 - 2017-03-22 13:36 - 00001215 _____ C:\Users\Public\Desktop\Opera.lnk
2017-03-22 13:36 - 2017-03-22 13:36 - 00001215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-22 13:36 - 2017-03-22 13:36 - 00000000 ____D C:\Users\Celeste\AppData\Roaming\Opera Software
2017-03-22 13:36 - 2017-03-22 13:36 - 00000000 ____D C:\Users\Celeste\AppData\Local\Opera Software
2017-03-20 11:13 - 2017-03-20 11:13 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignaf0e509147838d54
2017-03-20 11:13 - 2017-03-20 11:13 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign47fa5528820fd89d
2017-03-20 11:11 - 2017-03-20 11:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8dcfaeb75e14aa57
2017-03-20 10:40 - 2017-03-20 10:40 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign17e44be0f5400b82
2017-03-20 10:39 - 2017-03-20 10:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign855f869da9422075
2017-03-20 10:38 - 2017-03-20 10:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9b572d7090c1aef6
2017-03-20 10:36 - 2017-03-20 10:36 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2c8d513f42ffe4b0
2017-03-20 10:31 - 2017-03-20 10:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign554cdce57e97ee60
2017-03-20 10:30 - 2017-03-20 10:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna8d6e97f21305ab5
2017-03-20 10:30 - 2017-03-20 10:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5dcfdbac8dc3aadd
2017-03-20 10:29 - 2017-03-20 10:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9dc7745c1561ccda
2017-03-20 10:29 - 2017-03-20 10:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign35073e2c15541c7d
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd747fab2f235da34
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9d9821123f892ded
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ecb08b8163bdc70
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4ca5998cdab314ca
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign412bc7cddf0303ed
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign328f37f1f0d0bab8
2017-03-20 10:14 - 2017-03-20 10:14 - 00001989 _____ C:\Users\Public\Desktop\NordVPN.lnk
2017-03-20 10:13 - 2017-03-20 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2017-03-16 18:14 - 2017-03-26 16:19 - 00084960 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-03-16 17:27 - 2017-04-11 23:44 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-16 17:15 - 2017-04-13 14:48 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-16 17:15 - 2017-04-13 13:12 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-16 17:15 - 2017-04-11 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-16 17:15 - 2017-03-16 17:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-15 14:03 - 2017-03-15 14:03 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd5bc30467b208f4c
2017-03-15 14:02 - 2017-03-15 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c882e904b05ebe2
2017-03-15 13:20 - 2017-03-15 13:20 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne2232959865ffe01
2017-03-15 13:20 - 2017-03-15 13:20 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign95d435b96a4c06e0
2017-03-15 13:11 - 2017-03-15 13:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb33b9e3cd05444d9
2017-03-15 13:11 - 2017-03-15 13:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0d95174067356e69
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf69f1dd92aa863d3
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndda8bb86185359d9
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb1ae54e7065d1616
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7b6038a8d4f0e8be
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ec952f958ca6e89
2017-03-15 01:40 - 2017-03-04 03:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-03-15 01:40 - 2017-03-04 03:09 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-03-15 01:40 - 2017-03-04 03:09 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2017-03-15 01:40 - 2017-03-04 03:07 - 00557400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-03-15 01:40 - 2017-03-04 03:02 - 00184416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2017-03-15 01:40 - 2017-03-04 02:54 - 00524776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-03-15 01:40 - 2017-03-04 02:53 - 00781152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-03-15 01:40 - 2017-03-04 02:53 - 00493912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-03-15 01:40 - 2017-03-04 02:53 - 00313568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-03-15 01:40 - 2017-03-04 02:52 - 00549088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 00976184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 00530480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2017-03-15 01:40 - 2017-03-04 02:47 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-03-15 01:40 - 2017-03-04 02:46 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-03-15 01:40 - 2017-03-04 02:46 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-03-15 01:40 - 2017-03-04 02:45 - 00112120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2017-03-15 01:40 - 2017-03-04 02:42 - 01260784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-03-15 01:40 - 2017-03-04 02:30 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-03-15 01:40 - 2017-03-04 02:30 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-03-15 01:40 - 2017-03-04 02:29 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2017-03-15 01:40 - 2017-03-04 02:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XInputUap.dll
2017-03-15 01:40 - 2017-03-04 02:29 - 00019968 _____ C:\WINDOWS\SysWOW64\GamePanelExternalHook.dll
2017-03-15 01:40 - 2017-03-04 02:27 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2017-03-15 01:40 - 2017-03-04 02:27 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2017-03-15 01:40 - 2017-03-04 02:26 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-03-15 01:40 - 2017-03-04 02:26 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.UI.GameBar.dll
2017-03-15 01:40 - 2017-03-04 02:26 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2017-03-15 01:40 - 2017-03-04 02:26 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2017-03-15 01:40 - 2017-03-04 02:26 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2017-03-15 01:40 - 2017-03-04 02:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2017-03-15 01:40 - 2017-03-04 02:25 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCCSEngineShared.dll
2017-03-15 01:40 - 2017-03-04 02:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2017-03-15 01:40 - 2017-03-04 02:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2017-03-15 01:40 - 2017-03-04 02:24 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-03-15 01:40 - 2017-03-04 02:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2017-03-15 01:40 - 2017-03-04 02:23 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-03-15 01:40 - 2017-03-04 02:23 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2017-03-15 01:40 - 2017-03-04 02:23 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2017-03-15 01:40 - 2017-03-04 02:23 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiohlp.dll
2017-03-15 01:40 - 2017-03-04 02:22 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-03-15 01:40 - 2017-03-04 02:22 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-03-15 01:40 - 2017-03-04 02:22 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2017-03-15 01:40 - 2017-03-04 02:22 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2017-03-15 01:40 - 2017-03-04 02:22 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-03-15 01:40 - 2017-03-04 02:21 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-03-15 01:40 - 2017-03-04 02:20 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-03-15 01:40 - 2017-03-04 02:20 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2017-03-15 01:40 - 2017-03-04 02:20 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-03-15 01:40 - 2017-03-04 02:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-03-15 01:40 - 2017-03-04 02:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanui.dll
2017-03-15 01:40 - 2017-03-04 02:19 - 00714752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-03-15 01:40 - 2017-03-04 02:19 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-03-15 01:40 - 2017-03-04 02:19 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-03-15 01:40 - 2017-03-04 02:19 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-03-15 01:40 - 2017-03-04 02:18 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2017-03-15 01:40 - 2017-03-04 02:18 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2017-03-15 01:40 - 2017-03-04 02:18 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2017-03-15 01:40 - 2017-03-04 02:18 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2017-03-15 01:40 - 2017-03-04 02:18 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-15 01:40 - 2017-03-04 02:18 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-03-15 01:40 - 2017-03-04 02:17 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-03-15 01:40 - 2017-03-04 02:16 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-03-15 01:40 - 2017-03-04 02:16 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-03-15 01:40 - 2017-03-04 02:16 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-03-15 01:40 - 2017-03-04 02:16 - 00762880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-03-15 01:40 - 2017-03-04 02:16 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2017-03-15 01:40 - 2017-03-04 02:16 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-03-15 01:40 - 2017-03-04 02:16 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-03-15 01:40 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-03-15 01:40 - 2017-03-04 02:15 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2017-03-15 01:40 - 2017-03-04 02:15 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-03-15 01:40 - 2017-03-04 02:14 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-03-15 01:40 - 2017-03-04 02:13 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-03-15 01:40 - 2017-03-04 02:13 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-03-15 01:40 - 2017-03-04 02:13 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-03-15 01:40 - 2017-03-04 02:13 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-03-15 01:40 - 2017-03-04 02:13 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-03-15 01:40 - 2017-03-04 02:13 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-03-15 01:40 - 2017-03-04 02:12 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2017-03-15 01:40 - 2017-03-04 02:11 - 01357312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2017-03-15 01:40 - 2017-03-04 02:11 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-03-15 01:40 - 2017-03-04 02:11 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2017-03-15 01:40 - 2017-03-04 02:11 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-03-15 01:40 - 2017-03-04 02:10 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2017-03-15 01:40 - 2017-03-04 02:10 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2017-03-15 01:40 - 2017-03-04 02:09 - 00570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-03-15 01:40 - 2017-03-04 02:09 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2017-03-15 01:40 - 2017-03-04 02:07 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-03-15 01:40 - 2017-03-04 02:07 - 02643456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-03-15 01:40 - 2017-03-04 02:07 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2017-03-15 01:40 - 2017-03-04 02:06 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-03-15 01:40 - 2017-03-04 02:06 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-03-15 01:40 - 2017-03-04 02:05 - 01133568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2017-03-15 01:40 - 2017-03-04 02:05 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-03-15 01:40 - 2017-03-04 02:05 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2017-03-15 01:40 - 2017-03-04 02:05 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-03-15 01:40 - 2017-03-04 02:04 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2017-03-15 01:40 - 2017-03-04 02:03 - 02363904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-03-15 01:40 - 2017-03-04 02:03 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-03-15 01:40 - 2017-03-04 02:03 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2017-03-15 01:40 - 2017-03-04 02:03 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2017-03-15 01:40 - 2017-03-04 02:02 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-03-15 01:40 - 2017-03-04 02:02 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-03-15 01:40 - 2017-03-04 02:02 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-03-15 01:40 - 2017-03-04 02:02 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-03-15 01:40 - 2017-03-04 02:02 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-03-15 01:40 - 2017-03-04 02:02 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2017-03-15 01:40 - 2017-03-04 02:01 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-03-15 01:40 - 2017-03-04 02:01 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-03-15 01:40 - 2017-03-04 02:01 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-03-15 01:40 - 2017-03-04 02:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2017-03-15 01:40 - 2017-03-04 02:01 - 01154560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Pimstore.dll
2017-03-15 01:40 - 2017-03-04 02:01 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-03-15 01:40 - 2017-03-04 02:01 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2017-03-15 01:40 - 2017-03-04 02:01 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-03-15 01:40 - 2017-03-04 02:00 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-03-15 01:40 - 2017-03-04 02:00 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-03-15 01:40 - 2017-03-04 02:00 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-03-15 01:40 - 2017-03-04 02:00 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-03-15 01:40 - 2017-03-04 02:00 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-03-15 01:40 - 2017-03-04 02:00 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-03-15 01:40 - 2017-03-04 01:59 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2017-03-15 01:40 - 2016-12-21 00:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-03-15 01:40 - 2016-10-14 23:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-03-15 01:40 - 2016-09-15 12:47 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2017-03-15 01:39 - 2017-03-04 03:44 - 01470816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-03-15 01:39 - 2017-03-04 03:26 - 00794416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-03-15 01:39 - 2017-03-04 03:24 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-03-15 01:39 - 2017-03-04 03:24 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2017-03-15 01:39 - 2017-03-04 03:24 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-03-15 01:39 - 2017-03-04 03:24 - 00090976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-03-15 01:39 - 2017-03-04 03:23 - 02512304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2017-03-15 01:39 - 2017-03-04 03:19 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-03-15 01:39 - 2017-03-04 03:18 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-03-15 01:39 - 2017-03-04 03:17 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2017-03-15 01:39 - 2017-03-04 03:15 - 01000280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-03-15 01:39 - 2017-03-04 03:09 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-03-15 01:39 - 2017-03-04 03:09 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2017-03-15 01:39 - 2017-03-04 03:09 - 00497416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-03-15 01:39 - 2017-03-04 03:09 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2017-03-15 01:39 - 2017-03-04 03:08 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-03-15 01:39 - 2017-03-04 03:04 - 01362512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-03-15 01:39 - 2017-03-04 03:04 - 01063472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-03-15 01:39 - 2017-03-04 03:03 - 01723560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-03-15 01:39 - 2017-03-04 03:03 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-03-15 01:39 - 2017-03-04 03:03 - 01454512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-03-15 01:39 - 2017-03-04 03:03 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-03-15 01:39 - 2017-03-04 03:03 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-03-15 01:39 - 2017-03-04 03:03 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-03-15 01:39 - 2017-03-04 03:03 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-03-15 01:39 - 2017-03-04 03:03 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-03-15 01:39 - 2017-03-04 03:01 - 00137936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2017-03-15 01:39 - 2017-03-04 02:56 - 00248992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-03-15 01:39 - 2017-03-04 02:54 - 02277288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-03-15 01:39 - 2017-03-04 02:52 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-03-15 01:39 - 2017-03-04 02:45 - 00173408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-03-15 01:39 - 2017-03-04 02:42 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-03-15 01:39 - 2017-03-04 02:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2017-03-15 01:39 - 2017-03-04 02:36 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DuCsps.dll
2017-03-15 01:39 - 2017-03-04 02:36 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-03-15 01:39 - 2017-03-04 02:34 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-03-15 01:39 - 2017-03-04 02:34 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2017-03-15 01:39 - 2017-03-04 02:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.UI.GameBar.dll
2017-03-15 01:39 - 2017-03-04 02:33 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2017-03-15 01:39 - 2017-03-04 02:32 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-03-15 01:39 - 2017-03-04 02:32 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSEngineShared.dll
2017-03-15 01:39 - 2017-03-04 02:31 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2017-03-15 01:39 - 2017-03-04 02:31 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-03-15 01:39 - 2017-03-04 02:30 - 00535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-03-15 01:39 - 2017-03-04 02:30 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2017-03-15 01:39 - 2017-03-04 02:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-03-15 01:39 - 2017-03-04 02:30 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2017-03-15 01:39 - 2017-03-04 02:29 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-03-15 01:39 - 2017-03-04 02:29 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2017-03-15 01:39 - 2017-03-04 02:29 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-03-15 01:39 - 2017-03-04 02:29 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfp.dll
2017-03-15 01:39 - 2017-03-04 02:28 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-03-15 01:39 - 2017-03-04 02:28 - 00741888 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-03-15 01:39 - 2017-03-04 02:28 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-03-15 01:39 - 2017-03-04 02:28 - 00462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-03-15 01:39 - 2017-03-04 02:28 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2017-03-15 01:39 - 2017-03-04 02:28 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll
2017-03-15 01:39 - 2017-03-04 02:27 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-03-15 01:39 - 2017-03-04 02:27 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-03-15 01:39 - 2017-03-04 02:27 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-03-15 01:39 - 2017-03-04 02:27 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-03-15 01:39 - 2017-03-04 02:27 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-03-15 01:39 - 2017-03-04 02:27 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-03-15 01:39 - 2017-03-04 02:27 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddrawex.dll
2017-03-15 01:39 - 2017-03-04 02:26 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-03-15 01:39 - 2017-03-04 02:26 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-03-15 01:39 - 2017-03-04 02:26 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-03-15 01:39 - 2017-03-04 02:26 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2017-03-15 01:39 - 2017-03-04 02:26 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-03-15 01:39 - 2017-03-04 02:26 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-03-15 01:39 - 2017-03-04 02:26 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2017-03-15 01:39 - 2017-03-04 02:25 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-03-15 01:39 - 2017-03-04 02:25 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-03-15 01:39 - 2017-03-04 02:25 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-03-15 01:39 - 2017-03-04 02:25 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscandui.dll
2017-03-15 01:39 - 2017-03-04 02:25 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-03-15 01:39 - 2017-03-04 02:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WPDShServiceObj.dll
2017-03-15 01:39 - 2017-03-04 02:24 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2017-03-15 01:39 - 2017-03-04 02:24 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-03-15 01:39 - 2017-03-04 02:24 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfui.dll
2017-03-15 01:39 - 2017-03-04 02:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2017-03-15 01:39 - 2017-03-04 02:23 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-03-15 01:39 - 2017-03-04 02:23 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-03-15 01:39 - 2017-03-04 02:23 - 00820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2017-03-15 01:39 - 2017-03-04 02:23 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-03-15 01:39 - 2017-03-04 02:23 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-03-15 01:39 - 2017-03-04 02:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-03-15 01:39 - 2017-03-04 02:22 - 01299968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-03-15 01:39 - 2017-03-04 02:22 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-03-15 01:39 - 2017-03-04 02:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-03-15 01:39 - 2017-03-04 02:21 - 01937920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2017-03-15 01:39 - 2017-03-04 02:21 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-03-15 01:39 - 2017-03-04 02:21 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\main.cpl
2017-03-15 01:39 - 2017-03-04 02:21 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-03-15 01:39 - 2017-03-04 02:21 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tapi32.dll
2017-03-15 01:39 - 2017-03-04 02:20 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-03-15 01:39 - 2017-03-04 02:20 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msutb.dll
2017-03-15 01:39 - 2017-03-04 02:19 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\csc.sys
2017-03-15 01:39 - 2017-03-04 02:19 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2017-03-15 01:39 - 2017-03-04 02:18 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2017-03-15 01:39 - 2017-03-04 02:18 - 01189376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2017-03-15 01:39 - 2017-03-04 02:18 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2017-03-15 01:39 - 2017-03-04 02:18 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-03-15 01:39 - 2017-03-04 02:18 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2017-03-15 01:39 - 2017-03-04 02:17 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-03-15 01:39 - 2017-03-04 02:16 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-03-15 01:39 - 2017-03-04 02:16 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-03-15 01:39 - 2017-03-04 02:16 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2017-03-15 01:39 - 2017-03-04 02:16 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-03-15 01:39 - 2017-03-04 02:16 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-03-15 01:39 - 2017-03-04 02:15 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-03-15 01:39 - 2017-03-04 02:13 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-03-15 01:39 - 2017-03-04 02:13 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-03-15 01:39 - 2017-03-04 02:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdshext.dll
2017-03-15 01:39 - 2017-03-04 02:12 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-03-15 01:39 - 2017-03-04 02:12 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-03-15 01:39 - 2017-03-04 02:11 - 03441664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-03-15 01:39 - 2017-03-04 02:11 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-03-15 01:39 - 2017-03-04 02:11 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 01917440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2017-03-15 01:39 - 2017-03-04 02:10 - 01536000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 01399296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-03-15 01:39 - 2017-03-04 02:10 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regedit.exe
2017-03-15 01:39 - 2017-03-04 02:09 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-03-15 01:39 - 2017-03-04 02:09 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-03-15 01:39 - 2017-03-04 02:08 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-03-15 01:39 - 2017-03-04 02:08 - 03405312 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-03-15 01:39 - 2017-03-04 02:08 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-03-15 01:39 - 2017-03-04 02:08 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-03-15 01:39 - 2017-03-04 02:08 - 00792576 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-03-15 01:39 - 2017-03-04 02:07 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-03-15 01:39 - 2017-03-04 02:07 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-03-15 01:39 - 2017-03-04 02:07 - 01512448 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-03-15 01:39 - 2017-03-04 02:07 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-03-15 01:39 - 2017-03-04 02:06 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-03-15 01:39 - 2017-03-04 02:06 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-03-15 01:39 - 2017-03-04 02:06 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-03-15 01:39 - 2017-03-04 02:06 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-03-15 01:39 - 2017-03-04 02:05 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2017-03-15 01:39 - 2017-03-04 02:04 - 00753152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2fs.dll
2017-03-15 01:39 - 2017-03-04 02:04 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-03-15 01:39 - 2017-03-04 02:02 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.SecureAssessment.dll
2017-03-15 01:39 - 2017-03-04 02:01 - 01571840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-03-15 01:39 - 2017-03-04 02:01 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2017-03-15 01:39 - 2017-03-04 02:00 - 02003968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-03-15 01:39 - 2017-03-04 01:59 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-03-15 01:39 - 2017-03-04 01:57 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-03-15 01:39 - 2017-02-21 22:17 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-03-15 01:39 - 2016-12-09 05:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-03-15 01:39 - 2016-11-11 05:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-03-15 01:39 - 2016-11-11 05:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-03-15 01:39 - 2016-09-15 13:11 - 00725664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-03-15 01:39 - 2016-09-15 12:38 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2017-03-15 01:38 - 2017-03-04 03:15 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-03-15 01:38 - 2017-03-04 03:09 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-03-15 01:38 - 2017-03-04 03:03 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-03-15 01:38 - 2017-03-04 03:03 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2017-03-15 01:38 - 2017-03-04 02:37 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-03-15 01:38 - 2017-03-04 02:36 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-03-15 01:38 - 2017-03-04 02:34 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dggpext.dll
2017-03-15 01:38 - 2017-03-04 02:33 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2017-03-15 01:38 - 2017-03-04 02:30 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-03-15 01:38 - 2017-03-04 02:30 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-03-15 01:38 - 2017-03-04 02:30 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-03-15 01:38 - 2017-03-04 02:30 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Credentials.UI.UserConsentVerifier.dll
2017-03-15 01:38 - 2017-03-04 02:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2017-03-15 01:38 - 2017-03-04 02:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2017-03-15 01:38 - 2017-03-04 02:29 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-03-15 01:38 - 2017-03-04 02:29 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\tapi32.dll
2017-03-15 01:38 - 2017-03-04 02:29 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2017-03-15 01:38 - 2017-03-04 02:29 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2017-03-15 01:38 - 2017-03-04 02:29 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-03-15 01:38 - 2017-03-04 02:28 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2017-03-15 01:38 - 2017-03-04 02:26 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-03-15 01:38 - 2017-03-04 02:23 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-03-15 01:38 - 2017-03-04 02:23 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-03-15 01:38 - 2017-03-04 02:19 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-03-15 01:38 - 2017-03-04 02:18 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-03-15 01:38 - 2017-03-04 02:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-03-15 01:38 - 2017-03-04 02:15 - 01837056 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-03-15 01:38 - 2017-03-04 02:14 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2017-03-15 01:38 - 2017-03-04 02:13 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2017-03-15 01:38 - 2017-03-04 02:11 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2017-03-15 01:38 - 2017-03-04 02:10 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-03-15 01:38 - 2017-03-04 02:08 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-03-15 01:38 - 2017-03-04 02:07 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-03-15 01:38 - 2017-03-04 02:04 - 01826816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-03-15 01:38 - 2017-03-04 02:04 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-03-15 01:38 - 2017-03-04 02:04 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-03-15 01:38 - 2016-11-11 05:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2017-03-15 01:38 - 2016-10-14 23:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-03-15 01:37 - 2017-03-04 03:18 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2017-03-15 01:37 - 2017-03-04 03:09 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-03-15 01:37 - 2017-03-04 03:03 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-03-15 01:37 - 2017-03-04 03:03 - 00755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-03-15 01:37 - 2017-03-04 02:28 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-03-15 01:37 - 2017-03-04 02:26 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-03-15 01:37 - 2017-03-04 02:24 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-03-15 01:37 - 2017-03-04 02:23 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-03-15 01:37 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-03-15 01:37 - 2017-03-04 02:20 - 01280512 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-03-15 01:37 - 2017-03-04 02:19 - 01639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-03-15 01:37 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-03-15 01:37 - 2017-03-04 02:19 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Tabbtn.dll
2017-03-15 01:37 - 2017-03-04 02:18 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-03-15 01:37 - 2017-03-04 02:15 - 01345024 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2017-03-15 01:37 - 2017-03-04 02:10 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-03-15 01:37 - 2017-03-04 02:07 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-03-15 01:37 - 2017-03-04 02:07 - 00935936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2017-03-15 01:37 - 2017-03-04 02:07 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-03-15 01:37 - 2017-03-04 02:06 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-03-15 01:37 - 2017-03-04 02:06 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-03-15 01:37 - 2017-03-04 02:06 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-03-15 01:37 - 2017-03-04 02:03 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-03-15 01:36 - 2017-03-04 03:35 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-03-15 01:36 - 2017-03-04 03:24 - 00646688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-03-15 01:36 - 2017-03-04 03:24 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2017-03-15 01:36 - 2017-03-04 03:15 - 00404320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-03-15 01:36 - 2017-03-04 03:10 - 02828384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-03-15 01:36 - 2017-03-04 03:09 - 00635864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-03-15 01:36 - 2017-03-04 03:09 - 00578392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-03-15 01:36 - 2017-03-04 03:08 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-03-15 01:36 - 2017-03-04 03:08 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-03-15 01:36 - 2017-03-04 03:07 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-03-15 01:36 - 2017-03-04 03:07 - 00432992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-03-15 01:36 - 2017-03-04 03:07 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2017-03-15 01:36 - 2017-03-04 03:03 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-03-15 01:36 - 2017-03-04 03:01 - 00128648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-03-15 01:36 - 2017-03-04 02:35 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddrawex.dll
2017-03-15 01:36 - 2017-03-04 02:32 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2017-03-15 01:36 - 2017-03-04 02:32 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-03-15 01:36 - 2017-03-04 02:31 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-03-15 01:36 - 2017-03-04 02:31 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2017-03-15 01:36 - 2017-03-04 02:31 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2017-03-15 01:36 - 2017-03-04 02:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-03-15 01:36 - 2017-03-04 02:30 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-03-15 01:36 - 2017-03-04 02:30 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiohlp.dll
2017-03-15 01:36 - 2017-03-04 02:29 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-03-15 01:36 - 2017-03-04 02:28 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2017-03-15 01:36 - 2017-03-04 02:28 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2017-03-15 01:36 - 2017-03-04 02:28 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-03-15 01:36 - 2017-03-04 02:27 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-03-15 01:36 - 2017-03-04 02:27 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-03-15 01:36 - 2017-03-04 02:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-03-15 01:36 - 2017-03-04 02:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2017-03-15 01:36 - 2017-03-04 02:26 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-03-15 01:36 - 2017-03-04 02:26 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-03-15 01:36 - 2017-03-04 02:25 - 01016320 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-03-15 01:36 - 2017-03-04 02:25 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-03-15 01:36 - 2017-03-04 02:24 - 01092096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-03-15 01:36 - 2017-03-04 02:24 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-03-15 01:36 - 2017-03-04 02:24 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-03-15 01:36 - 2017-03-04 02:24 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-03-15 01:36 - 2017-03-04 02:24 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-03-15 01:36 - 2017-03-04 02:23 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-03-15 01:36 - 2017-03-04 02:23 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-03-15 01:36 - 2017-03-04 02:21 - 00776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabletPC.cpl
2017-03-15 01:36 - 2017-03-04 02:21 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-03-15 01:36 - 2017-03-04 02:20 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-03-15 01:36 - 2017-03-04 02:20 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-03-15 01:36 - 2017-03-04 02:19 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-03-15 01:36 - 2017-03-04 02:19 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\tabcal.exe
2017-03-15 01:36 - 2017-03-04 02:18 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-03-15 01:36 - 2017-03-04 02:17 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-03-15 01:36 - 2017-03-04 02:16 - 03289088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-03-15 01:36 - 2017-03-04 02:16 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2017-03-15 01:36 - 2017-03-04 02:16 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-03-15 01:36 - 2017-03-04 02:16 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-03-15 01:36 - 2017-03-04 02:15 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-03-15 01:36 - 2017-03-04 02:15 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-03-15 01:36 - 2017-03-04 02:14 - 01562112 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-03-15 01:36 - 2017-03-04 02:14 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-03-15 01:36 - 2017-03-04 02:14 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-03-15 01:36 - 2017-03-04 02:14 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-03-15 01:36 - 2017-03-04 02:13 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-03-15 01:36 - 2017-03-04 02:13 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-03-15 01:36 - 2017-03-04 02:13 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-03-15 01:36 - 2017-03-04 02:13 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2017-03-15 01:36 - 2017-03-04 02:13 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MultiDigiMon.exe
2017-03-15 01:36 - 2017-03-04 02:12 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-03-15 01:36 - 2017-03-04 02:11 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-03-15 01:36 - 2017-03-04 02:11 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2017-03-15 01:36 - 2017-03-04 02:11 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-03-15 01:36 - 2017-03-04 02:11 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-03-15 01:36 - 2017-03-04 02:11 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-03-15 01:36 - 2017-03-04 02:10 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-03-15 01:36 - 2017-03-04 02:10 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-03-15 01:36 - 2017-03-04 02:10 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-03-15 01:36 - 2017-03-04 02:09 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-03-15 01:36 - 2017-03-04 02:08 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-03-15 01:36 - 2017-03-04 02:07 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-03-15 01:36 - 2017-03-04 02:07 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-03-15 01:36 - 2017-03-04 02:07 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-03-15 01:36 - 2017-03-04 02:07 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-03-15 01:36 - 2017-03-04 02:06 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2017-03-15 01:36 - 2017-03-04 02:06 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-03-15 01:36 - 2017-03-04 02:06 - 04060672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-03-15 01:36 - 2017-03-04 02:06 - 02475008 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-03-15 01:36 - 2017-03-04 02:06 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-03-15 01:36 - 2017-03-04 02:06 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-03-15 01:36 - 2017-03-04 02:05 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-03-15 01:36 - 2017-03-04 02:04 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-03-15 01:36 - 2017-03-04 02:02 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-03-15 01:36 - 2017-03-04 02:01 - 03478528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-03-15 01:36 - 2016-11-11 05:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-03-15 01:36 - 2016-11-11 05:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-03-15 01:36 - 2016-11-11 05:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-03-15 01:36 - 2016-11-02 06:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2017-03-15 01:36 - 2016-10-14 23:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2017-03-15 01:36 - 2016-10-14 23:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2017-03-15 01:36 - 2016-10-14 23:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-03-15 01:35 - 2017-03-04 03:57 - 00192352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-03-15 01:35 - 2017-03-04 03:35 - 00655200 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-03-15 01:35 - 2017-03-04 03:35 - 00315232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-03-15 01:35 - 2017-03-04 03:35 - 00242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-03-15 01:35 - 2017-03-04 03:35 - 00086368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-03-15 01:35 - 2017-03-04 03:35 - 00038240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-03-15 01:35 - 2017-03-04 03:27 - 02170720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-03-15 01:35 - 2017-03-04 03:25 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-03-15 01:35 - 2017-03-04 03:24 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-03-15 01:35 - 2017-03-04 03:24 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-03-15 01:35 - 2017-03-04 03:22 - 01354312 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-03-15 01:35 - 2017-03-04 03:22 - 01172984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-03-15 01:35 - 2017-03-04 03:21 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-03-15 01:35 - 2017-03-04 03:20 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-03-15 01:35 - 2017-03-04 03:20 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-03-15 01:35 - 2017-03-04 03:13 - 00635456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-03-15 01:35 - 2017-03-04 03:11 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-03-15 01:35 - 2017-03-04 03:08 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-03-15 01:35 - 2017-03-04 03:08 - 00342456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-03-15 01:35 - 2017-03-04 03:07 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-03-15 01:35 - 2017-03-04 03:07 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-03-15 01:35 - 2017-03-04 03:07 - 00110944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2017-03-15 01:35 - 2017-03-04 03:07 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-03-15 01:35 - 2017-03-04 03:01 - 00201568 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-03-15 01:35 - 2017-03-04 02:58 - 01416224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-03-15 01:35 - 2017-03-04 02:58 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-03-15 01:35 - 2017-03-04 02:37 - 00025088 _____ C:\WINDOWS\system32\GamePanelExternalHook.dll
2017-03-15 01:35 - 2017-03-04 02:36 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-03-15 01:35 - 2017-03-04 02:36 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-03-15 01:35 - 2017-03-04 02:36 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-03-15 01:35 - 2017-03-04 02:34 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfui.dll
2017-03-15 01:35 - 2017-03-04 02:34 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-03-15 01:35 - 2017-03-04 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2017-03-15 01:35 - 2017-03-04 02:33 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothDesktopHandlers.dll
2017-03-15 01:35 - 2017-03-04 02:33 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\XInputUap.dll
2017-03-15 01:35 - 2017-03-04 02:32 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-03-15 01:35 - 2017-03-04 02:30 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscandui.dll
2017-03-15 01:35 - 2017-03-04 02:30 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-03-15 01:35 - 2017-03-04 02:28 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-03-15 01:35 - 2017-03-04 02:28 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-03-15 01:35 - 2017-03-04 02:26 - 00643072 _____ (Microsoft Corporation) C:\WINDOWS\system32\main.cpl
2017-03-15 01:35 - 2017-03-04 02:26 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msutb.dll
2017-03-15 01:35 - 2017-03-04 02:26 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-03-15 01:35 - 2017-03-04 02:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-03-15 01:35 - 2017-03-04 02:24 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-03-15 01:35 - 2017-03-04 02:23 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2017-03-15 01:35 - 2017-03-04 02:21 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-03-15 01:35 - 2017-03-04 02:20 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-03-15 01:35 - 2017-03-04 02:20 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2017-03-15 01:35 - 2017-03-04 02:18 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\regedit.exe
2017-03-15 01:35 - 2017-03-04 02:17 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-03-15 01:35 - 2017-03-04 02:16 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-03-15 01:35 - 2017-03-04 02:13 - 00961024 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2017-03-15 01:35 - 2017-03-04 02:13 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-03-15 01:35 - 2017-03-04 02:11 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-03-15 01:35 - 2017-03-04 02:08 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-03-15 01:35 - 2017-03-04 02:03 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-03-15 01:35 - 2016-09-15 12:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2017-03-15 00:26 - 2017-03-15 00:26 - 00002297 _____ C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Start Menu\SSD Optimization Utility.lnk
2017-03-14 13:51 - 2017-04-05 19:58 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-14 13:51 - 2017-04-05 19:58 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-14 13:50 - 2017-04-11 10:56 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-14 13:50 - 2017-04-11 10:56 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-13 14:58 - 2017-03-08 15:19 - 00055149 _____ C:\WINDOWS\ZAM.krnl.trace
2017-04-13 14:58 - 2017-03-08 15:19 - 00019740 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-04-13 14:52 - 2015-12-06 23:42 - 03117832 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-13 14:51 - 2017-03-12 23:19 - 04979242 _____ C:\WINDOWS\ntbtlog.txt
2017-04-13 14:47 - 2017-02-08 21:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-13 14:47 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-13 14:06 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-13 14:05 - 2015-12-06 23:54 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-13 13:57 - 2017-02-08 21:11 - 00000000 ____D C:\Users\Celeste
2017-04-13 13:03 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache
2017-04-13 13:02 - 2017-02-08 21:09 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-13 12:18 - 2017-02-15 12:29 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8252F8A0-2829-48F0-A48B-813CD73FC125}
2017-04-13 12:17 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-13 12:17 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-13 00:25 - 2017-02-23 13:49 - 00000000 ____D C:\Users\Celeste\AppData\Local\ElevatedDiagnostics
2017-04-12 23:13 - 2017-02-20 16:34 - 00000000 ____D C:\ProgramData\VMware
2017-04-12 23:13 - 2017-02-20 16:34 - 00000000 ____D C:\Program Files (x86)\VMware
2017-04-12 23:00 - 2017-03-03 12:48 - 00000000 ____D C:\Program Files\Wireshark
2017-04-12 16:38 - 2017-02-15 05:02 - 00000033 _____ C:\Users\Celeste\AppData\Roaming\AdobeWLCMCache.dat
2017-04-12 16:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-04-12 16:32 - 2016-07-16 02:04 - 00065536 _____ C:\WINDOWS\system32\config\ELAM
2017-04-12 16:31 - 2017-03-10 13:48 - 00000000 ____D C:\Program Files\Common Files\AV
2017-04-12 11:15 - 2017-02-10 15:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-04-12 11:14 - 2017-02-10 15:08 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-04-12 10:49 - 2017-03-10 10:46 - 00003638 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-04-12 01:15 - 2017-02-08 21:09 - 00581904 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\setup
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-12 01:14 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-12 01:14 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-12 00:22 - 2017-02-08 23:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-12 00:21 - 2017-02-08 23:37 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-12 00:21 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-12 00:16 - 2017-02-08 20:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Packages
2017-04-12 00:04 - 2017-02-13 14:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-11 21:40 - 2017-03-09 22:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\CrashDumps
2017-04-11 19:14 - 2017-02-17 02:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\TogglDesktop
2017-04-10 09:52 - 2017-02-08 23:38 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-01 14:52 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-01 14:52 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-28 10:24 - 2017-02-16 10:14 - 00034784 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-03-28 02:20 - 2017-02-08 21:11 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-03-26 19:13 - 2017-03-09 11:56 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-26 16:46 - 2017-02-09 01:20 - 00000000 ____D C:\Users\Celeste\AppData\Temp
2017-03-26 15:50 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Globalization
2017-03-26 14:23 - 2017-03-12 23:39 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-03-25 23:40 - 2017-02-14 19:28 - 00000000 ____D C:\Program Files\VS Revo Group
2017-03-25 19:53 - 2017-03-11 02:45 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-25 17:48 - 2017-02-08 21:52 - 00000000 ____D C:\Users\Celeste\AppData\Local\Google
2017-03-20 10:14 - 2017-03-02 14:46 - 00000000 ____D C:\ProgramData\NordVPN
2017-03-20 10:14 - 2017-03-02 14:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\NordVPN
2017-03-20 10:14 - 2017-03-02 14:44 - 00000000 ____D C:\Program Files (x86)\NordVPN
2017-03-20 10:13 - 2017-03-02 14:44 - 00003386 _____ C:\WINDOWS\System32\Tasks\NordVPN
2017-03-20 10:13 - 2017-03-02 14:42 - 00000000 ____D C:\Users\Celeste\AppData\Roaming\NordVPN
2017-03-16 17:15 - 2017-02-13 14:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-16 16:39 - 2017-02-08 20:27 - 00000000 ___RD C:\Users\Celeste\OneDrive
2017-03-16 16:34 - 2017-02-12 23:48 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-16 16:34 - 2017-02-12 23:48 - 00000000 ____D C:\Program Files\CCleaner
2017-03-15 03:18 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-03-15 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-03-15 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-03-15 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-03-15 03:18 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\System
2017-03-15 03:16 - 2016-07-16 07:42 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comuid.dll
2017-03-15 03:16 - 2016-07-16 07:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowslivelogin.dll
2017-03-15 03:15 - 2016-07-16 07:44 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-03-15 03:15 - 2016-07-16 07:42 - 02222080 _____ (Microsoft Corporation) C:\WINDOWS\system32\certmgr.dll
2017-03-15 03:15 - 2016-07-16 07:42 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certmgr.dll
2017-03-15 03:15 - 2016-07-16 07:42 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\comuid.dll
2017-03-15 03:15 - 2016-07-16 07:42 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-03-15 03:15 - 2016-07-16 07:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-03-15 01:50 - 2017-02-22 19:47 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-03-15 01:12 - 2016-07-16 07:42 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2017-03-15 01:11 - 2016-07-16 07:42 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-03-15 00:25 - 2017-02-08 20:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\VirtualStore
2017-03-14 22:51 - 2017-02-08 20:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Comms
2017-03-14 13:50 - 2017-02-08 21:52 - 00000000 ____D C:\Program Files (x86)\Google
 
==================== Files in the root of some directories =======
 
2017-02-15 05:02 - 2017-04-12 16:38 - 0000033 _____ () C:\Users\Celeste\AppData\Roaming\AdobeWLCMCache.dat
2017-04-03 12:31 - 2017-04-13 14:02 - 59677696 _____ () C:\Users\Celeste\AppData\Local\SageThumbs.db3
2017-02-27 21:26 - 2017-02-27 21:26 - 0048234 _____ () C:\ProgramData\agent.1488245202.bdinstall.bin
2017-02-27 21:34 - 2017-02-27 21:34 - 0386683 _____ () C:\ProgramData\cl.1488245381.bdinstall.bin
2017-03-10 13:43 - 2017-03-10 13:43 - 0219427 _____ () C:\ProgramData\cl.uninstall.1489167720.bdinstall.bin
2017-02-27 21:37 - 2017-02-27 21:37 - 0056844 _____ () C:\ProgramData\dm.1488245813.bdinstall.bin
2017-03-10 13:33 - 2017-03-10 13:33 - 0036528 _____ () C:\ProgramData\dm.uninstall.1489167174.bdinstall.bin
 
Some files in TEMP:
====================
2017-03-25 20:16 - 2017-02-09 00:06 - 1886344 _____ (Microsoft Corporation) C:\Users\Celeste\AppData\Local\Temp\dllnt_dump.dll
2017-04-12 16:29 - 2017-04-12 16:29 - 7178424 _____ (VS Revo Group                                               ) C:\Users\Celeste\AppData\Local\Temp\VSUSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-13 00:25
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
# AdwCleaner v6.045 - Logfile created 13/04/2017 at 13:57:48
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-04-13.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Celeste - CMTC
# Running from : C:\Users\Celeste\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3373D3FF-FC71-40AD-BD46-DEBD2932B039&SearchSource=55&CUI=&UM=6&UP=SPB4AC019A-2371-4EA1-B537-C380D7B548D9&SSPV=
[-] [C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: dcpfhaghaadpjpgocojgnlhjcieeooel
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1370 Bytes] - [13/04/2017 13:57:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [1659 Bytes] - [13/04/2017 13:57:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1516 Bytes] ##########
 

Attached Files


Edited by cmtc, 13 April 2017 - 02:45 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 14 April 2017 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Before you save this Fixlist I suggest you rename SORORITY to the original site...


Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR StartupUrls: Default -> "hxxp://SORORITY/","hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3373D3FF-FC71-40AD-BD46-DEBD2932B039&SearchSource=55&CUI=&UM=6&UP=SPB4AC019A-2371-4EA1-B537-C380D7B548D9&SSPV=","hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-14]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-030B4F2C78C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#3 cmtc

cmtc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 14 April 2017 - 11:02 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Celeste (14-04-2017 11:48:26) Run:1
Running from C:\Users\Celeste\Desktop
Loaded Profiles: Celeste (Available Profiles: Celeste)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
CHR StartupUrls: Default -> "hxxp://tridelta.org/","hxxp://www.trovi.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=M3373D3FF-FC71-40AD-BD46-DEBD2932B039&SearchSource=55&CUI=&UM=6&UP=SPB4AC019A-2371-4EA1-B537-C380D7B548D9&SSPV=","hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Chrome Media Router) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-14]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-030B4F2C78C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
Chrome StartupUrls => removed successfully
C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\VMnetAdapter => key removed successfully
VMnetAdapter => service removed successfully
HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-030B4F2C78C7} => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20103875 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 160067061 B
Edge => 2636994 B
Chrome => 336766693 B
Firefox => 0 B
Opera => 32915667 B
 
Temp, IE cache, history, cookies, recent:
Default => 3408 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 8992 B
NetworkService => 971690 B
Celeste => 8237607707 B
 
RecycleBin => 49037175 B
EmptyTemp: => 8.2 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:49:31 ====

Attached is the fix log. I think there are still unknown wifi conversations. 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 15 April 2017 - 07:13 AM

Sorry but the Addition.txt file was not attached.


How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.

Click the Add reply button.

p.s.
It's a two steps process.

#5 cmtc

cmtc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 15 April 2017 - 04:15 PM

Hello,

My apologies I will be more attentive to my posts when following your instructions.  Attached is the addition.txt.  

 

This is the only available addition.txt present on my Desktop (where FRST is), I'm not sure whether it is the same as the one I attached on my first post, but what was a new one supposed to be generated with the fixlog.txt run?  Did I miss a step?  Sorry for the confusion.

Best,

 

Attached File  Addition.txt   29.94KB   1 downloads


Edited by cmtc, 15 April 2017 - 04:20 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 16 April 2017 - 07:59 AM


Nothing bad in your Addition.txt log just a cleanup of empty registry keys.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-030B4F2C78C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Celeste\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Celeste\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Celeste\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll => No F (the data entry has 3 more characters).

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

p.s.
The addition.txt file was created the first time you run the Farbar tool.
To create an other one you must check the box to create one. There is no need to create an other one new.

#7 cmtc

cmtc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 16 April 2017 - 12:41 PM

Thanks for the explanation!  Still a lot of TCP/UDP chatter but so far so good :)  Below is the fixlog.  Do I attach addition everytime?
 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-04-2017
Ran by Celeste (16-04-2017 13:08:25) Run:2
Running from C:\Users\Celeste\Desktop
Loaded Profiles: Celeste (Available Profiles: Celeste)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-030B4F2C78C7}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Celeste\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Celeste\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Celeste\AppData\Local\Microsoft\OneDrive\17.3.6743.1212_1\amd64\FileSyncShell64.dll => No F (the data entry has 3 more characters).
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-030B4F2C78C7} => key not found. 
HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully
HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully
HKU\S-1-5-21-4258997470-2544957498-1303716156-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 13:08:33 ====

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 17 April 2017 - 08:18 AM

Still a lot of TCP/UDP chatter but so far so good

Since you are using a VPN this may be an interested article for you.
https://servercomparator.com/vpn/qa/tcp-or-udp

This not my forte. If you have any questions I suggest you start a new topic in the Networking form.
An expert should be able to guide you better than I can.

The forum URL
https://www.bleepingcomputer.com/forums/f/21/networking/

==

p.s.
Your Appdata\local folder is accumulating temporary FOLDERS of this nature.
C:\Users\Celeste\AppData\Local\Tempzxpsign*****

Check the FRST log you have submitted.

These folders are created by Adobe.
http://blog.nalates.net/2016/11/12/adobe-tempzxpsign-temporary-files/


If these folder are still around after you have executed the JunkRemovel tool run this fix.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 

start

CloseProcesses:

2017-04-12 16:39 - 2017-04-12 16:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign813365a7ed1fa3d8
2017-04-12 16:39 - 2017-04-12 16:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2f482bff312cc6da
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf6cacc12dc3b2f49
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign158ef70d1662155c
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign088fcd6d5998d451
2017-04-10 13:52 - 2017-04-10 13:52 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign137f76bc548d9e77
2017-04-10 12:27 - 2017-04-10 12:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign42d0dff6f01a8126
2017-04-10 12:22 - 2017-04-10 12:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign92ec9e8ee13824a2
2017-04-10 11:47 - 2017-04-10 11:47 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne1a4fcb65cb91639
2017-04-10 11:39 - 2017-04-10 11:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc413fb64a1acb062
2017-04-10 11:39 - 2017-04-10 11:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8915c8b3b6df68e3
2017-04-10 09:53 - 2017-04-10 09:53 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna9205856cf9c951b
2017-04-10 09:45 - 2017-04-10 09:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigneafc3bad522aea8e
2017-04-10 09:45 - 2017-04-10 09:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndea732882f0a9172
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign87914161251a393c
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign86724d33b0c989e6
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign38590b2853d24b4a
2017-04-07 17:23 - 2017-04-07 17:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5bc1ce468d5f9e16
2017-04-07 17:22 - 2017-04-07 17:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign996102c4405d6efa
2017-04-07 17:22 - 2017-04-07 17:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign028bea1a09395d64
2017-04-07 16:38 - 2017-04-07 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2ea1c47f7d66bee
2017-04-07 16:38 - 2017-04-07 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2e93a85d42b77c86
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign873032e641fc00a0
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7907c1fcefbed611
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6d8e5d118c21e0bf
2017-04-06 20:12 - 2017-04-06 20:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf260fa9dfe26dc0a
2017-04-06 20:12 - 2017-04-06 20:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd10a2ed6d91efa2e
2017-04-06 20:11 - 2017-04-06 20:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3c1da7cc44386847
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne48c042b54ae271a
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign88d4f49c71346fec
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign247ad35163c1855e
2017-04-05 21:09 - 2017-04-05 21:09 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3ba72e556039493f
2017-04-05 21:04 - 2017-04-05 21:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna3320b26733a5e77
2017-04-04 14:38 - 2017-04-04 14:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign60c2f859313fd47f
2017-04-04 14:38 - 2017-04-04 14:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1956e173a4f9da71
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignfb5da4b00e9b007e
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8f3753d9dffe9755
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1bf2e82e4b7a8f4e
2017-04-04 14:36 - 2017-04-04 14:36 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1744ee882e8fcff0
2017-04-04 12:35 - 2017-04-04 12:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc0fec8449e2dd5c2
2017-04-04 12:33 - 2017-04-04 12:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2470f7d936a1164
2017-04-04 12:33 - 2017-04-04 12:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7dd71e537b5486fb
2017-04-03 13:29 - 2017-04-03 13:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne27e5a6a00a38f7c
2017-04-03 13:28 - 2017-04-03 13:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndd82a62442e759ca
2017-04-03 13:28 - 2017-04-03 13:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign97879d78e0527b9f
2017-04-03 13:27 - 2017-04-03 13:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign984487deaec3ae1d
2017-04-03 13:27 - 2017-04-03 13:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign21cb87ddc503f07e
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign74fddd78d322fdbc
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign41bada228055a929
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign19dc1e9124767e17
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9ea6ae69f5b1ef1e
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign61947d31566f4d92
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4b6273a2c89f46e4
2017-03-31 20:41 - 2017-03-31 20:41 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign38d324d8982e3f8c
2017-03-31 20:18 - 2017-03-31 20:18 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndf50b0379769b619
2017-03-31 20:18 - 2017-03-31 20:18 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd04f2bdaacf278ea
2017-03-31 20:16 - 2017-03-31 20:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncee7589a31709333
2017-03-31 20:16 - 2017-03-31 20:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbd2cccf27f3eae28
2017-03-31 20:04 - 2017-03-31 20:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1bda3497101d67c0
2017-03-31 20:04 - 2017-03-31 20:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0c94d8c85fc999d3
2017-03-31 14:01 - 2017-03-31 14:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2d3e99a9eef64df2
2017-03-31 13:24 - 2017-03-31 13:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign775e35da2fb5b6e2
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne600d025232d8003
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c8c7c1db06e1411
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign461488dc6747fd15
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4028f88b6d97f8ec
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna3f4fa90b4a0efb2
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign67dc696372b5b4d1
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ebb744283df2d01
2017-03-30 20:01 - 2017-03-30 20:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign50b828539a2a8ad6
2017-03-30 14:02 - 2017-03-30 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign05ebe4dc32fa69d0
2017-03-30 12:28 - 2017-03-30 12:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf16d9f457ea75668
2017-03-30 12:11 - 2017-03-30 12:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign481b9c7fc3aa2770
2017-03-30 12:11 - 2017-03-30 12:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1b165c5ee62643ef
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignfed6837d49ca69ec
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignda27417d1f54df65
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign81d9fd5722e4176e
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign74d5a79c0864e41d
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5b518cbcd849e279
2017-03-29 10:43 - 2017-03-29 10:43 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7e2c1bd3de259ffa
2017-03-29 10:05 - 2017-03-29 10:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncc4a43cb9b0d1650
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne307521f42998ea7
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc782fe53a4e64867
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign582b53e0d9913cfd
2017-03-29 09:23 - 2017-03-29 09:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign77fd9f2ddea676f8
2017-03-29 09:23 - 2017-03-29 09:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign37e1886a0f551013
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc623ad7612d12c1a
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0f262a267d8afc64
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign039cf8aca6caa2a9
2017-03-28 16:28 - 2017-03-28 16:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign619c6623e8e2c0db
2017-03-28 16:24 - 2017-03-28 16:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna360dae61b28023e
2017-03-28 16:24 - 2017-03-28 16:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign26f664604e7d3262
2017-03-28 16:12 - 2017-03-28 16:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc6ee1d7c4c84c994
2017-03-28 16:12 - 2017-03-28 16:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign58d6bd03641358a0
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc1c61e840c87cc42
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8a7b1054c7b4ffe5
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7481d1f5626fde38
2017-03-28 15:45 - 2017-03-28 15:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign84ed8529bec13c11
2017-03-28 15:32 - 2017-03-28 15:32 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna7ca8f2d6ec00c61
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna6777431be22c432
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign65cd7af392c8ac7a
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign477a4ab38bff624a
2017-03-26 16:04 - 2017-03-26 16:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2db2cbfb53040b99
2017-03-26 16:04 - 2017-03-26 16:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0c46335e157081a1
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf49927039ac5c1e4
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf2c1a9319454c3d4
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna8eeb7c40f81c43b
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4b186da34aedca7f
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign125eb44a7e732d80
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc2e28877206dcc55
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbbd6701236d5f69f
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign819aabdb35d5397e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign89993517d5e8575e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign646d7d943a816c4e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3c4b2eec6c49f3a8
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2e300beb256c3a1b
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign05696fc65083f1f9
2017-03-24 14:47 - 2017-03-24 14:47 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign098a755583eb0616
2017-03-24 14:02 - 2017-03-24 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign685365c44f315871
2017-03-24 13:51 - 2017-03-24 13:51 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne1794e6e1517aa08
2017-03-24 13:51 - 2017-03-24 13:51 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6fa7f3ff7793c375
2017-03-24 13:48 - 2017-03-24 13:48 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7de2e091ffadcd60
2017-03-24 13:48 - 2017-03-24 13:48 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign79421310a58e5760
2017-03-24 03:31 - 2017-03-24 03:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigned20bae9be516597
2017-03-24 03:31 - 2017-03-24 03:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign41b0bcc2632b4b2f
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne5f08ab27c64aa71
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbf23c6d29b67927c
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb841be77f1d7cf8a
2017-03-23 19:37 - 2017-03-23 19:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbb68401c809dd4bc
2017-03-23 19:33 - 2017-03-23 19:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc16f620ffa08cc29
2017-03-23 19:32 - 2017-03-23 19:32 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3fae703febb710e5
2017-03-23 19:07 - 2017-03-23 19:07 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne7738706fe0f88c7
2017-03-23 19:06 - 2017-03-23 19:06 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndc039b3efa7f8e6f
2017-03-23 19:06 - 2017-03-23 19:06 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd868fe7958a2ef23
2017-03-23 18:59 - 2017-03-23 18:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign09164536a6b6ce69
2017-03-23 18:58 - 2017-03-23 18:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign79e64212b13bb343
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb82c23a297e38f1b
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna70c8ed933c9fc0a
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0452ba66cdfa4174
2017-03-22 14:23 - 2017-03-22 14:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2339436e0101fba
2017-03-22 14:23 - 2017-03-22 14:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6f4beace4f784d42
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd7635daacc079974
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c888474eb4be0d8
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1e629303ecd15118
2017-03-22 13:59 - 2017-03-22 13:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncb4b72a6fc3a0774
2017-03-22 13:59 - 2017-03-22 13:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb52caa477daf6c07
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignce8a652f09e5db02
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign82e1e909df7196e0
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4f1d4e7bb892b8ea
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne558eefdc56dacb1
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc934afc475956ef1
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6a4040bdb1e21b77
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1b29b84ab46c3e0c
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign08138759ddcf97fa
2017-03-20 11:13 - 2017-03-20 11:13 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignaf0e509147838d54
2017-03-20 11:13 - 2017-03-20 11:13 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign47fa5528820fd89d
2017-03-20 11:11 - 2017-03-20 11:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8dcfaeb75e14aa57
2017-03-20 10:40 - 2017-03-20 10:40 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign17e44be0f5400b82
2017-03-20 10:39 - 2017-03-20 10:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign855f869da9422075
2017-03-20 10:38 - 2017-03-20 10:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9b572d7090c1aef6
2017-03-20 10:36 - 2017-03-20 10:36 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2c8d513f42ffe4b0
2017-03-20 10:31 - 2017-03-20 10:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign554cdce57e97ee60
2017-03-20 10:30 - 2017-03-20 10:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna8d6e97f21305ab5
2017-03-20 10:30 - 2017-03-20 10:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5dcfdbac8dc3aadd
2017-03-20 10:29 - 2017-03-20 10:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9dc7745c1561ccda
2017-03-20 10:29 - 2017-03-20 10:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign35073e2c15541c7d
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd747fab2f235da34
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9d9821123f892ded
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ecb08b8163bdc70
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4ca5998cdab314ca
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign412bc7cddf0303ed
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign328f37f1f0d0bab8
2017-03-15 14:03 - 2017-03-15 14:03 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd5bc30467b208f4c
2017-03-15 14:02 - 2017-03-15 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c882e904b05ebe2
2017-03-15 13:20 - 2017-03-15 13:20 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne2232959865ffe01
2017-03-15 13:20 - 2017-03-15 13:20 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign95d435b96a4c06e0
2017-03-15 13:11 - 2017-03-15 13:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb33b9e3cd05444d9
2017-03-15 13:11 - 2017-03-15 13:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0d95174067356e69
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf69f1dd92aa863d3
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndda8bb86185359d9
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb1ae54e7065d1616
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7b6038a8d4f0e8be
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ec952f958ca6e89

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

#9 cmtc

cmtc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 17 April 2017 - 10:23 AM

Hello!

The VPN I have installed I have discontinued using it since the problems occurred to make sure that it wasn't the problem and was not going to use it again until the problem has been fixed.

I have an external hard drive my Adobe temp cache has been programmed to be created in which is always plugged in when using those programs so I am not sure while those are being created!

Could bots be caused by malware?  I think the traffic is hinting to something similar in that nature.  A lot of the heavy disk/Network usage is coming from the svchost.exe (I think netsvcs), the chrome.exe even when chrome is not running and unlabeled [System Process].  When I suspended the chrome.exe disk process the explorer.exe took over. :(

Thank you so much for your patience.
 

Below are the logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Celeste (17-04-2017 11:13:23) Run:3
Running from C:\Users\Celeste\Desktop
Loaded Profiles: Celeste (Available Profiles: Celeste)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
2017-04-12 16:39 - 2017-04-12 16:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign813365a7ed1fa3d8
2017-04-12 16:39 - 2017-04-12 16:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2f482bff312cc6da
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf6cacc12dc3b2f49
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign158ef70d1662155c
2017-04-12 16:38 - 2017-04-12 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign088fcd6d5998d451
2017-04-10 13:52 - 2017-04-10 13:52 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign137f76bc548d9e77
2017-04-10 12:27 - 2017-04-10 12:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign42d0dff6f01a8126
2017-04-10 12:22 - 2017-04-10 12:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign92ec9e8ee13824a2
2017-04-10 11:47 - 2017-04-10 11:47 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne1a4fcb65cb91639
2017-04-10 11:39 - 2017-04-10 11:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc413fb64a1acb062
2017-04-10 11:39 - 2017-04-10 11:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8915c8b3b6df68e3
2017-04-10 09:53 - 2017-04-10 09:53 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna9205856cf9c951b
2017-04-10 09:45 - 2017-04-10 09:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigneafc3bad522aea8e
2017-04-10 09:45 - 2017-04-10 09:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndea732882f0a9172
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign87914161251a393c
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign86724d33b0c989e6
2017-04-10 09:44 - 2017-04-10 09:44 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign38590b2853d24b4a
2017-04-07 17:23 - 2017-04-07 17:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5bc1ce468d5f9e16
2017-04-07 17:22 - 2017-04-07 17:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign996102c4405d6efa
2017-04-07 17:22 - 2017-04-07 17:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign028bea1a09395d64
2017-04-07 16:38 - 2017-04-07 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2ea1c47f7d66bee
2017-04-07 16:38 - 2017-04-07 16:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2e93a85d42b77c86
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign873032e641fc00a0
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7907c1fcefbed611
2017-04-07 16:35 - 2017-04-07 16:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6d8e5d118c21e0bf
2017-04-06 20:12 - 2017-04-06 20:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf260fa9dfe26dc0a
2017-04-06 20:12 - 2017-04-06 20:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd10a2ed6d91efa2e
2017-04-06 20:11 - 2017-04-06 20:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3c1da7cc44386847
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne48c042b54ae271a
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign88d4f49c71346fec
2017-04-06 20:10 - 2017-04-06 20:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign247ad35163c1855e
2017-04-05 21:09 - 2017-04-05 21:09 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3ba72e556039493f
2017-04-05 21:04 - 2017-04-05 21:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna3320b26733a5e77
2017-04-04 14:38 - 2017-04-04 14:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign60c2f859313fd47f
2017-04-04 14:38 - 2017-04-04 14:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1956e173a4f9da71
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignfb5da4b00e9b007e
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8f3753d9dffe9755
2017-04-04 14:37 - 2017-04-04 14:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1bf2e82e4b7a8f4e
2017-04-04 14:36 - 2017-04-04 14:36 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1744ee882e8fcff0
2017-04-04 12:35 - 2017-04-04 12:35 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc0fec8449e2dd5c2
2017-04-04 12:33 - 2017-04-04 12:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2470f7d936a1164
2017-04-04 12:33 - 2017-04-04 12:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7dd71e537b5486fb
2017-04-03 13:29 - 2017-04-03 13:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne27e5a6a00a38f7c
2017-04-03 13:28 - 2017-04-03 13:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndd82a62442e759ca
2017-04-03 13:28 - 2017-04-03 13:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign97879d78e0527b9f
2017-04-03 13:27 - 2017-04-03 13:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign984487deaec3ae1d
2017-04-03 13:27 - 2017-04-03 13:27 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign21cb87ddc503f07e
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign74fddd78d322fdbc
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign41bada228055a929
2017-04-03 13:22 - 2017-04-03 13:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign19dc1e9124767e17
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9ea6ae69f5b1ef1e
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign61947d31566f4d92
2017-04-03 12:25 - 2017-04-03 12:25 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4b6273a2c89f46e4
2017-03-31 20:41 - 2017-03-31 20:41 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign38d324d8982e3f8c
2017-03-31 20:18 - 2017-03-31 20:18 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndf50b0379769b619
2017-03-31 20:18 - 2017-03-31 20:18 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd04f2bdaacf278ea
2017-03-31 20:16 - 2017-03-31 20:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncee7589a31709333
2017-03-31 20:16 - 2017-03-31 20:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbd2cccf27f3eae28
2017-03-31 20:04 - 2017-03-31 20:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1bda3497101d67c0
2017-03-31 20:04 - 2017-03-31 20:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0c94d8c85fc999d3
2017-03-31 14:01 - 2017-03-31 14:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2d3e99a9eef64df2
2017-03-31 13:24 - 2017-03-31 13:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign775e35da2fb5b6e2
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne600d025232d8003
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c8c7c1db06e1411
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign461488dc6747fd15
2017-03-31 13:17 - 2017-03-31 13:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4028f88b6d97f8ec
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna3f4fa90b4a0efb2
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign67dc696372b5b4d1
2017-03-31 13:14 - 2017-03-31 13:14 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ebb744283df2d01
2017-03-30 20:01 - 2017-03-30 20:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign50b828539a2a8ad6
2017-03-30 14:02 - 2017-03-30 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign05ebe4dc32fa69d0
2017-03-30 12:28 - 2017-03-30 12:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf16d9f457ea75668
2017-03-30 12:11 - 2017-03-30 12:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign481b9c7fc3aa2770
2017-03-30 12:11 - 2017-03-30 12:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1b165c5ee62643ef
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignfed6837d49ca69ec
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignda27417d1f54df65
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign81d9fd5722e4176e
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign74d5a79c0864e41d
2017-03-30 12:10 - 2017-03-30 12:10 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5b518cbcd849e279
2017-03-29 10:43 - 2017-03-29 10:43 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7e2c1bd3de259ffa
2017-03-29 10:05 - 2017-03-29 10:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncc4a43cb9b0d1650
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne307521f42998ea7
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc782fe53a4e64867
2017-03-29 10:01 - 2017-03-29 10:01 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign582b53e0d9913cfd
2017-03-29 09:23 - 2017-03-29 09:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign77fd9f2ddea676f8
2017-03-29 09:23 - 2017-03-29 09:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign37e1886a0f551013
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc623ad7612d12c1a
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0f262a267d8afc64
2017-03-29 09:12 - 2017-03-29 09:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign039cf8aca6caa2a9
2017-03-28 16:28 - 2017-03-28 16:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign619c6623e8e2c0db
2017-03-28 16:24 - 2017-03-28 16:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna360dae61b28023e
2017-03-28 16:24 - 2017-03-28 16:24 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign26f664604e7d3262
2017-03-28 16:12 - 2017-03-28 16:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc6ee1d7c4c84c994
2017-03-28 16:12 - 2017-03-28 16:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign58d6bd03641358a0
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc1c61e840c87cc42
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8a7b1054c7b4ffe5
2017-03-28 16:11 - 2017-03-28 16:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7481d1f5626fde38
2017-03-28 15:45 - 2017-03-28 15:45 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign84ed8529bec13c11
2017-03-28 15:32 - 2017-03-28 15:32 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna7ca8f2d6ec00c61
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna6777431be22c432
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign65cd7af392c8ac7a
2017-03-28 15:31 - 2017-03-28 15:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign477a4ab38bff624a
2017-03-26 16:04 - 2017-03-26 16:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2db2cbfb53040b99
2017-03-26 16:04 - 2017-03-26 16:04 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0c46335e157081a1
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf49927039ac5c1e4
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf2c1a9319454c3d4
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna8eeb7c40f81c43b
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4b186da34aedca7f
2017-03-24 22:17 - 2017-03-24 22:17 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign125eb44a7e732d80
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc2e28877206dcc55
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbbd6701236d5f69f
2017-03-24 21:28 - 2017-03-24 21:28 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign819aabdb35d5397e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign89993517d5e8575e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign646d7d943a816c4e
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3c4b2eec6c49f3a8
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2e300beb256c3a1b
2017-03-24 21:05 - 2017-03-24 21:05 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign05696fc65083f1f9
2017-03-24 14:47 - 2017-03-24 14:47 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign098a755583eb0616
2017-03-24 14:02 - 2017-03-24 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign685365c44f315871
2017-03-24 13:51 - 2017-03-24 13:51 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne1794e6e1517aa08
2017-03-24 13:51 - 2017-03-24 13:51 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6fa7f3ff7793c375
2017-03-24 13:48 - 2017-03-24 13:48 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7de2e091ffadcd60
2017-03-24 13:48 - 2017-03-24 13:48 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign79421310a58e5760
2017-03-24 03:31 - 2017-03-24 03:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigned20bae9be516597
2017-03-24 03:31 - 2017-03-24 03:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign41b0bcc2632b4b2f
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne5f08ab27c64aa71
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbf23c6d29b67927c
2017-03-24 03:30 - 2017-03-24 03:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb841be77f1d7cf8a
2017-03-23 19:37 - 2017-03-23 19:37 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignbb68401c809dd4bc
2017-03-23 19:33 - 2017-03-23 19:33 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc16f620ffa08cc29
2017-03-23 19:32 - 2017-03-23 19:32 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign3fae703febb710e5
2017-03-23 19:07 - 2017-03-23 19:07 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne7738706fe0f88c7
2017-03-23 19:06 - 2017-03-23 19:06 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndc039b3efa7f8e6f
2017-03-23 19:06 - 2017-03-23 19:06 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd868fe7958a2ef23
2017-03-23 18:59 - 2017-03-23 18:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign09164536a6b6ce69
2017-03-23 18:58 - 2017-03-23 18:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign79e64212b13bb343
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb82c23a297e38f1b
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna70c8ed933c9fc0a
2017-03-23 18:55 - 2017-03-23 18:55 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0452ba66cdfa4174
2017-03-22 14:23 - 2017-03-22 14:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna2339436e0101fba
2017-03-22 14:23 - 2017-03-22 14:23 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6f4beace4f784d42
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd7635daacc079974
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c888474eb4be0d8
2017-03-22 14:22 - 2017-03-22 14:22 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1e629303ecd15118
2017-03-22 13:59 - 2017-03-22 13:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigncb4b72a6fc3a0774
2017-03-22 13:59 - 2017-03-22 13:59 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb52caa477daf6c07
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignce8a652f09e5db02
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign82e1e909df7196e0
2017-03-22 13:58 - 2017-03-22 13:58 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4f1d4e7bb892b8ea
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne558eefdc56dacb1
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignc934afc475956ef1
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign6a4040bdb1e21b77
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign1b29b84ab46c3e0c
2017-03-22 13:56 - 2017-03-22 13:56 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign08138759ddcf97fa
2017-03-20 11:13 - 2017-03-20 11:13 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignaf0e509147838d54
2017-03-20 11:13 - 2017-03-20 11:13 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign47fa5528820fd89d
2017-03-20 11:11 - 2017-03-20 11:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign8dcfaeb75e14aa57
2017-03-20 10:40 - 2017-03-20 10:40 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign17e44be0f5400b82
2017-03-20 10:39 - 2017-03-20 10:39 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign855f869da9422075
2017-03-20 10:38 - 2017-03-20 10:38 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9b572d7090c1aef6
2017-03-20 10:36 - 2017-03-20 10:36 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign2c8d513f42ffe4b0
2017-03-20 10:31 - 2017-03-20 10:31 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign554cdce57e97ee60
2017-03-20 10:30 - 2017-03-20 10:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigna8d6e97f21305ab5
2017-03-20 10:30 - 2017-03-20 10:30 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5dcfdbac8dc3aadd
2017-03-20 10:29 - 2017-03-20 10:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9dc7745c1561ccda
2017-03-20 10:29 - 2017-03-20 10:29 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign35073e2c15541c7d
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd747fab2f235da34
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign9d9821123f892ded
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ecb08b8163bdc70
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4ca5998cdab314ca
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign412bc7cddf0303ed
2017-03-20 10:16 - 2017-03-20 10:16 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign328f37f1f0d0bab8
2017-03-15 14:03 - 2017-03-15 14:03 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignd5bc30467b208f4c
2017-03-15 14:02 - 2017-03-15 14:02 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign4c882e904b05ebe2
2017-03-15 13:20 - 2017-03-15 13:20 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigne2232959865ffe01
2017-03-15 13:20 - 2017-03-15 13:20 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign95d435b96a4c06e0
2017-03-15 13:11 - 2017-03-15 13:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb33b9e3cd05444d9
2017-03-15 13:11 - 2017-03-15 13:11 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign0d95174067356e69
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignf69f1dd92aa863d3
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsigndda8bb86185359d9
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsignb1ae54e7065d1616
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign7b6038a8d4f0e8be
2017-03-15 12:12 - 2017-03-15 12:12 - 00000000 ____D C:\Users\Celeste\AppData\Local\Tempzxpsign5ec952f958ca6e89
 
End
*****************
 
Processes closed successfully.
C:\Users\Celeste\AppData\Local\Tempzxpsign813365a7ed1fa3d8 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign2f482bff312cc6da => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignf6cacc12dc3b2f49 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign158ef70d1662155c => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign088fcd6d5998d451 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign137f76bc548d9e77 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign42d0dff6f01a8126 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign92ec9e8ee13824a2 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne1a4fcb65cb91639 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc413fb64a1acb062 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign8915c8b3b6df68e3 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna9205856cf9c951b => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigneafc3bad522aea8e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigndea732882f0a9172 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign87914161251a393c => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign86724d33b0c989e6 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign38590b2853d24b4a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign5bc1ce468d5f9e16 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign996102c4405d6efa => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign028bea1a09395d64 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna2ea1c47f7d66bee => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign2e93a85d42b77c86 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign873032e641fc00a0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign7907c1fcefbed611 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign6d8e5d118c21e0bf => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignf260fa9dfe26dc0a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignd10a2ed6d91efa2e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign3c1da7cc44386847 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne48c042b54ae271a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign88d4f49c71346fec => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign247ad35163c1855e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign3ba72e556039493f => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna3320b26733a5e77 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign60c2f859313fd47f => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign1956e173a4f9da71 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignfb5da4b00e9b007e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign8f3753d9dffe9755 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign1bf2e82e4b7a8f4e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign1744ee882e8fcff0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc0fec8449e2dd5c2 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna2470f7d936a1164 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign7dd71e537b5486fb => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne27e5a6a00a38f7c => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigndd82a62442e759ca => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign97879d78e0527b9f => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign984487deaec3ae1d => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign21cb87ddc503f07e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign74fddd78d322fdbc => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign41bada228055a929 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign19dc1e9124767e17 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign9ea6ae69f5b1ef1e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign61947d31566f4d92 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4b6273a2c89f46e4 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign38d324d8982e3f8c => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigndf50b0379769b619 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignd04f2bdaacf278ea => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigncee7589a31709333 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignbd2cccf27f3eae28 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign1bda3497101d67c0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign0c94d8c85fc999d3 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign2d3e99a9eef64df2 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign775e35da2fb5b6e2 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne600d025232d8003 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4c8c7c1db06e1411 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign461488dc6747fd15 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4028f88b6d97f8ec => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna3f4fa90b4a0efb2 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign67dc696372b5b4d1 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign5ebb744283df2d01 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign50b828539a2a8ad6 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign05ebe4dc32fa69d0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignf16d9f457ea75668 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign481b9c7fc3aa2770 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign1b165c5ee62643ef => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignfed6837d49ca69ec => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignda27417d1f54df65 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign81d9fd5722e4176e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign74d5a79c0864e41d => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign5b518cbcd849e279 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign7e2c1bd3de259ffa => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigncc4a43cb9b0d1650 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne307521f42998ea7 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc782fe53a4e64867 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign582b53e0d9913cfd => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign77fd9f2ddea676f8 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign37e1886a0f551013 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc623ad7612d12c1a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign0f262a267d8afc64 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign039cf8aca6caa2a9 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign619c6623e8e2c0db => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna360dae61b28023e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign26f664604e7d3262 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc6ee1d7c4c84c994 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign58d6bd03641358a0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc1c61e840c87cc42 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign8a7b1054c7b4ffe5 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign7481d1f5626fde38 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign84ed8529bec13c11 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna7ca8f2d6ec00c61 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna6777431be22c432 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign65cd7af392c8ac7a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign477a4ab38bff624a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign2db2cbfb53040b99 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign0c46335e157081a1 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignf49927039ac5c1e4 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignf2c1a9319454c3d4 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna8eeb7c40f81c43b => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4b186da34aedca7f => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign125eb44a7e732d80 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc2e28877206dcc55 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignbbd6701236d5f69f => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign819aabdb35d5397e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign89993517d5e8575e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign646d7d943a816c4e => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign3c4b2eec6c49f3a8 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign2e300beb256c3a1b => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign05696fc65083f1f9 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign098a755583eb0616 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign685365c44f315871 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne1794e6e1517aa08 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign6fa7f3ff7793c375 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign7de2e091ffadcd60 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign79421310a58e5760 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigned20bae9be516597 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign41b0bcc2632b4b2f => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne5f08ab27c64aa71 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignbf23c6d29b67927c => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignb841be77f1d7cf8a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignbb68401c809dd4bc => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc16f620ffa08cc29 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign3fae703febb710e5 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne7738706fe0f88c7 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigndc039b3efa7f8e6f => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignd868fe7958a2ef23 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign09164536a6b6ce69 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign79e64212b13bb343 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignb82c23a297e38f1b => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna70c8ed933c9fc0a => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign0452ba66cdfa4174 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna2339436e0101fba => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign6f4beace4f784d42 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignd7635daacc079974 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4c888474eb4be0d8 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign1e629303ecd15118 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigncb4b72a6fc3a0774 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignb52caa477daf6c07 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignce8a652f09e5db02 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign82e1e909df7196e0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4f1d4e7bb892b8ea => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne558eefdc56dacb1 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignc934afc475956ef1 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign6a4040bdb1e21b77 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign1b29b84ab46c3e0c => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign08138759ddcf97fa => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignaf0e509147838d54 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign47fa5528820fd89d => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign8dcfaeb75e14aa57 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign17e44be0f5400b82 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign855f869da9422075 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign9b572d7090c1aef6 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign2c8d513f42ffe4b0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign554cdce57e97ee60 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigna8d6e97f21305ab5 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign5dcfdbac8dc3aadd => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign9dc7745c1561ccda => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign35073e2c15541c7d => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignd747fab2f235da34 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign9d9821123f892ded => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign5ecb08b8163bdc70 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4ca5998cdab314ca => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign412bc7cddf0303ed => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign328f37f1f0d0bab8 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignd5bc30467b208f4c => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign4c882e904b05ebe2 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigne2232959865ffe01 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign95d435b96a4c06e0 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignb33b9e3cd05444d9 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign0d95174067356e69 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignf69f1dd92aa863d3 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsigndda8bb86185359d9 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsignb1ae54e7065d1616 => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign7b6038a8d4f0e8be => moved successfully
C:\Users\Celeste\AppData\Local\Tempzxpsign5ec952f958ca6e89 => moved successfully
 
 
The system needed a reboot.

Edited by cmtc, 17 April 2017 - 10:24 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 17 April 2017 - 12:44 PM

I have an external hard drive my Adobe temp cache has been programmed to be created in which is always plugged in when using those programs so I am not sure while those are being created!

Check in a few days and if other such folders have been created delete them manuallyi.
May they they are created because you are running from a External drive.
===

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

    TDSSKillerSuspicious-1.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
    TDSSKillerMal-1.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
aswMBRScan.gif
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
    ===

    Wait for further instructions.


#11 cmtc

cmtc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 17 April 2017 - 01:19 PM

Alright thank you, will do!  Attached is TDSS Log.  For aswMBR when double clicked a pop-up that says This computer supports virtualiazation technology.  Would you like to use it for rootkit detection?  Do I click yes or no?

 

14:13:19.0551 0x28b8  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
14:13:19.0551 0x28b8  UEFI system
14:13:26.0364 0x28b8  ============================================================
14:13:26.0364 0x28b8  Current date / time: 2017/04/17 14:13:26.0364
14:13:26.0364 0x28b8  SystemInfo:
14:13:26.0364 0x28b8  
14:13:26.0364 0x28b8  OS Version: 10.0.14393 ServicePack: 0.0
14:13:26.0364 0x28b8  Product type: Workstation
14:13:26.0364 0x28b8  ComputerName: CMTC
14:13:26.0364 0x28b8  UserName: Celeste
14:13:26.0364 0x28b8  Windows directory: C:\WINDOWS
14:13:26.0364 0x28b8  System windows directory: C:\WINDOWS
14:13:26.0364 0x28b8  Running under WOW64
14:13:26.0364 0x28b8  Processor architecture: Intel x64
14:13:26.0364 0x28b8  Number of processors: 4
14:13:26.0364 0x28b8  Page size: 0x1000
14:13:26.0364 0x28b8  Boot type: Normal boot
14:13:26.0364 0x28b8  CodeIntegrityOptions = 0x00000001
14:13:26.0364 0x28b8  ============================================================
14:13:26.0484 0x28b8  KLMD registered as C:\WINDOWS\system32\drivers\22941905.sys
14:13:26.0484 0x28b8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.1066, osProperties = 0x19
14:13:27.0131 0x28b8  System UUID: {069B0722-2599-4412-4956-8C948989DB17}
14:13:27.0677 0x28b8  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:13:28.0114 0x28b8  Drive \Device\Harddisk1\DR1 - Size: 0xE8DED00000 ( 931.48 Gb ), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:13:28.0116 0x28b8  ============================================================
14:13:28.0116 0x28b8  \Device\Harddisk0\DR0:
14:13:28.0116 0x28b8  GPT partitions:
14:13:28.0117 0x28b8  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {BBE0E31A-FC2A-4B3A-B834-07C524EE9834}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x64000
14:13:28.0117 0x28b8  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9E01646D-5C0C-44CE-A444-BB50FB1F03FF}, Name: Microsoft reserved partition, StartLBA 0x64800, BlocksNum 0x40000
14:13:28.0117 0x28b8  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D056E714-3B0D-4FF7-A5E3-AF03461BF9C5}, Name: Basic data partition, StartLBA 0xA4800, BlocksNum 0xED00800
14:13:28.0117 0x28b8  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {228FB151-D004-4BE9-AE9A-CA5AC7DB7FA8}, Name: Basic data partition, StartLBA 0xEDA5000, BlocksNum 0xD7000
14:13:28.0117 0x28b8  MBR partitions:
14:13:28.0117 0x28b8  \Device\Harddisk1\DR1:
14:13:28.0117 0x28b8  MBR partitions:
14:13:28.0117 0x28b8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
14:13:28.0117 0x28b8  ============================================================
14:13:28.0118 0x28b8  C: <-> \Device\Harddisk0\DR0\Partition3
14:13:28.0145 0x28b8  E: <-> \Device\Harddisk1\DR1\Partition1
14:13:28.0145 0x28b8  ============================================================
14:13:28.0145 0x28b8  Initialize success
14:13:28.0145 0x28b8  ============================================================
14:13:36.0963 0x2a34  ============================================================
14:13:36.0963 0x2a34  Scan started
14:13:36.0963 0x2a34  Mode: Manual; 
14:13:36.0963 0x2a34  ============================================================
14:13:36.0963 0x2a34  KSN ping started
14:13:37.0524 0x2a34  KSN ping finished: true
14:13:38.0296 0x2a34  ================ Scan system memory ========================
14:13:38.0296 0x2a34  System memory - ok
14:13:38.0296 0x2a34  ================ Scan services =============================
14:13:38.0377 0x2a34  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
14:13:38.0388 0x2a34  1394ohci - ok
14:13:38.0396 0x2a34  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
14:13:38.0400 0x2a34  3ware - ok
14:13:38.0415 0x2a34  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
14:13:38.0429 0x2a34  ACPI - ok
14:13:38.0433 0x2a34  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\WINDOWS\System32\drivers\AcpiDev.sys
14:13:38.0434 0x2a34  AcpiDev - ok
14:13:38.0437 0x2a34  acpiex - ok
14:13:38.0439 0x2a34  [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
14:13:38.0441 0x2a34  acpipagr - ok
14:13:38.0445 0x2a34  [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
14:13:38.0446 0x2a34  AcpiPmi - ok
14:13:38.0449 0x2a34  [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
14:13:38.0450 0x2a34  acpitime - ok
14:13:38.0468 0x2a34  [ 5B4D60ACCEA6918DBBB8C9FD4ADBDD29, FE3A768A76B673DCD09716F600D52B53A6EABEC6AA65E0DE89144F322E8571B8 ] AdobeUpdateService C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
14:13:38.0481 0x2a34  AdobeUpdateService - ok
14:13:38.0505 0x2a34  [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
14:13:38.0522 0x2a34  ADP80XX - ok
14:13:38.0527 0x2a34  AFD - ok
14:13:38.0531 0x2a34  ahcache - ok
14:13:38.0533 0x2a34  AJRouter - ok
14:13:38.0536 0x2a34  ALG - ok
14:13:38.0541 0x2a34  [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
14:13:38.0545 0x2a34  AmdK8 - ok
14:13:38.0550 0x2a34  [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
14:13:38.0553 0x2a34  AmdPPM - ok
14:13:38.0558 0x2a34  [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
14:13:38.0560 0x2a34  amdsata - ok
14:13:38.0568 0x2a34  [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
14:13:38.0573 0x2a34  amdsbs - ok
14:13:38.0577 0x2a34  [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
14:13:38.0578 0x2a34  amdxata - ok
14:13:38.0582 0x2a34  AppID - ok
14:13:38.0584 0x2a34  AppIDSvc - ok
14:13:38.0586 0x2a34  Appinfo - ok
14:13:38.0593 0x2a34  [ A5E8EB3B4244358F62DADF769DB59567, 76FE364D9A896424E4C2BCA5F66CFF31F22513851B7E4B65EDE206DF159DA67F ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:13:38.0595 0x2a34  Apple Mobile Device Service - ok
14:13:38.0598 0x2a34  applockerfltr - ok
14:13:38.0600 0x2a34  AppMgmt - ok
14:13:38.0604 0x2a34  AppReadiness - ok
14:13:38.0605 0x2a34  AppVClient - ok
14:13:38.0610 0x2a34  AppvStrm - ok
14:13:38.0613 0x2a34  AppvVemgr - ok
14:13:38.0615 0x2a34  AppvVfs - ok
14:13:38.0618 0x2a34  AppXSvc - ok
14:13:38.0623 0x2a34  [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
14:13:38.0626 0x2a34  arcsas - ok
14:13:38.0628 0x2a34  AsyncMac - ok
14:13:38.0631 0x2a34  [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
14:13:38.0633 0x2a34  atapi - ok
14:13:38.0637 0x2a34  AudioEndpointBuilder - ok
14:13:38.0640 0x2a34  Audiosrv - ok
14:13:38.0644 0x2a34  AxInstSV - ok
14:13:38.0656 0x2a34  [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
14:13:38.0664 0x2a34  b06bdrv - ok
14:13:38.0668 0x2a34  BasicDisplay - ok
14:13:38.0670 0x2a34  BasicRender - ok
14:13:38.0676 0x2a34  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
14:13:38.0677 0x2a34  bcmfn - ok
14:13:38.0680 0x2a34  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
14:13:38.0681 0x2a34  bcmfn2 - ok
14:13:38.0684 0x2a34  BDESVC - ok
14:13:38.0687 0x2a34  Beep - ok
14:13:38.0690 0x2a34  BFE - ok
14:13:38.0693 0x2a34  BITS - ok
14:13:38.0704 0x2a34  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:13:38.0712 0x2a34  Bonjour Service - ok
14:13:38.0716 0x2a34  bowser - ok
14:13:38.0718 0x2a34  BrokerInfrastructure - ok
14:13:38.0721 0x2a34  Browser - ok
14:13:38.0725 0x2a34  [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
14:13:38.0727 0x2a34  BthAvrcpTg - ok
14:13:38.0730 0x2a34  BthEnum - ok
14:13:38.0734 0x2a34  [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
14:13:38.0736 0x2a34  BthHFEnum - ok
14:13:38.0740 0x2a34  [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
14:13:38.0742 0x2a34  bthhfhid - ok
14:13:38.0751 0x2a34  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
14:13:38.0771 0x2a34  BthHFSrv - ok
14:13:38.0774 0x2a34  BthLEEnum - ok
14:13:38.0778 0x2a34  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
14:13:38.0780 0x2a34  BTHMODEM - ok
14:13:38.0784 0x2a34  BthPan - ok
14:13:38.0787 0x2a34  BTHPORT - ok
14:13:38.0790 0x2a34  bthserv - ok
14:13:38.0795 0x2a34  BTHUSB - ok
14:13:38.0799 0x2a34  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
14:13:38.0801 0x2a34  buttonconverter - ok
14:13:38.0806 0x2a34  [ 60EB6A4CE3E21887D302350631C16F26, 4270EFA22285C1A9336CF1220761E416950D2DA9C6A40D1D8452686CD5040DAB ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
14:13:38.0821 0x2a34  CapImg - ok
14:13:38.0824 0x2a34  cdfs - ok
14:13:38.0828 0x2a34  CDPSvc - ok
14:13:38.0832 0x2a34  CDPUserSvc - ok
14:13:38.0840 0x2a34  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
14:13:38.0844 0x2a34  cdrom - ok
14:13:38.0846 0x2a34  CertPropSvc - ok
14:13:38.0856 0x2a34  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\WINDOWS\system32\drivers\cht4sx64.sys
14:13:38.0862 0x2a34  cht4iscsi - ok
14:13:38.0899 0x2a34  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\WINDOWS\System32\drivers\cht4vx64.sys
14:13:38.0933 0x2a34  cht4vbd - ok
14:13:38.0939 0x2a34  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
14:13:38.0941 0x2a34  circlass - ok
14:13:38.0944 0x2a34  CLFS - ok
14:13:38.0947 0x2a34  ClipSVC - ok
14:13:38.0949 0x2a34  clreg - ok
14:13:38.0954 0x2a34  CmBatt - ok
14:13:38.0957 0x2a34  CNG - ok
14:13:38.0960 0x2a34  cnghwassist - ok
14:13:38.0971 0x2a34  CompositeBus - ok
14:13:38.0974 0x2a34  COMSysApp - ok
14:13:38.0978 0x2a34  condrv - ok
14:13:38.0981 0x2a34  CoreMessagingRegistrar - ok
14:13:39.0003 0x2a34  [ BA0540D60EF33296FFEBB3CDE8188A88, AA43F81DA5E84C1CA64B80FDFD78AFEE0C0369C2688D8F02F2812FAA0E518490 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
14:13:39.0108 0x2a34  cphs - ok
14:13:39.0112 0x2a34  CryptSvc - ok
14:13:39.0115 0x2a34  CSC - ok
14:13:39.0117 0x2a34  CscService - ok
14:13:39.0120 0x2a34  dam - ok
14:13:39.0124 0x2a34  DcomLaunch - ok
14:13:39.0127 0x2a34  DcpSvc - ok
14:13:39.0130 0x2a34  defragsvc - ok
14:13:39.0132 0x2a34  DeviceAssociationService - ok
14:13:39.0135 0x2a34  DeviceInstall - ok
14:13:39.0138 0x2a34  DevQueryBroker - ok
14:13:39.0141 0x2a34  Dfsc - ok
14:13:39.0144 0x2a34  Dhcp - ok
14:13:39.0148 0x2a34  diagnosticshub.standardcollector.service - ok
14:13:39.0150 0x2a34  DiagTrack - ok
14:13:39.0155 0x2a34  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\WINDOWS\system32\drivers\disk.sys
14:13:39.0158 0x2a34  disk - ok
14:13:39.0161 0x2a34  DmEnrollmentSvc - ok
14:13:39.0164 0x2a34  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
14:13:39.0166 0x2a34  dmvsc - ok
14:13:39.0169 0x2a34  dmwappushservice - ok
14:13:39.0172 0x2a34  Dnscache - ok
14:13:39.0176 0x2a34  dot3svc - ok
14:13:39.0179 0x2a34  [ 2283EECDF839CAA92D50A9F11C6B917D, 636519D3293FEB6779F089865C8C59A0763E720AFEFBAD46FDB164FC06B9127E ] dpclat_driver   C:\WINDOWS\system32\drivers\dpclat_driver.sys
14:13:39.0191 0x2a34  dpclat_driver - ok
14:13:39.0194 0x2a34  DPS - ok
14:13:39.0197 0x2a34  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\WINDOWS\system32\DRIVERS\drmkaud.sys
14:13:39.0198 0x2a34  drmkaud - ok
14:13:39.0201 0x2a34  DsmSvc - ok
14:13:39.0204 0x2a34  DsSvc - ok
14:13:39.0207 0x2a34  DXGKrnl - ok
14:13:39.0210 0x2a34  EapHost - ok
14:13:39.0265 0x2a34  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
14:13:39.0318 0x2a34  ebdrv - ok
14:13:39.0324 0x2a34  EFS - ok
14:13:39.0328 0x2a34  EhStorClass - ok
14:13:39.0332 0x2a34  [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
14:13:39.0345 0x2a34  EhStorTcgDrv - ok
14:13:39.0348 0x2a34  embeddedmode - ok
14:13:39.0350 0x2a34  EntAppSvc - ok
14:13:39.0353 0x2a34  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
14:13:39.0354 0x2a34  ErrDev - ok
14:13:39.0361 0x2a34  EventSystem - ok
14:13:39.0363 0x2a34  exfat - ok
14:13:39.0366 0x2a34  fastfat - ok
14:13:39.0368 0x2a34  Fax - ok
14:13:39.0372 0x2a34  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
14:13:39.0374 0x2a34  fdc - ok
14:13:39.0378 0x2a34  fdPHost - ok
14:13:39.0380 0x2a34  FDResPub - ok
14:13:39.0383 0x2a34  fhsvc - ok
14:13:39.0386 0x2a34  FileCrypt - ok
14:13:39.0389 0x2a34  FileInfo - ok
14:13:39.0392 0x2a34  Filetrace - ok
14:13:39.0395 0x2a34  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
14:13:39.0396 0x2a34  flpydisk - ok
14:13:39.0400 0x2a34  FltMgr - ok
14:13:39.0402 0x2a34  FontCache - ok
14:13:39.0405 0x2a34  FrameServer - ok
14:13:39.0407 0x2a34  FsDepends - ok
14:13:39.0411 0x2a34  Fs_Rec - ok
14:13:39.0414 0x2a34  fvevol - ok
14:13:39.0417 0x2a34  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
14:13:39.0421 0x2a34  gencounter - ok
14:13:39.0426 0x2a34  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
14:13:39.0427 0x2a34  genericusbfn - ok
14:13:39.0430 0x2a34  GPIOClx0101 - ok
14:13:39.0433 0x2a34  gpsvc - ok
14:13:39.0437 0x2a34  GpuEnergyDrv - ok
14:13:39.0443 0x2a34  [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4, 51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:13:39.0483 0x2a34  gupdate - ok
14:13:39.0487 0x2a34  [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4, 51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:13:39.0489 0x2a34  gupdatem - ok
14:13:39.0493 0x2a34  HDAudBus - ok
14:13:39.0496 0x2a34  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
14:13:39.0498 0x2a34  HidBatt - ok
14:13:39.0501 0x2a34  HidBth - ok
14:13:39.0504 0x2a34  hidi2c - ok
14:13:39.0507 0x2a34  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
14:13:39.0509 0x2a34  hidinterrupt - ok
14:13:39.0513 0x2a34  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
14:13:39.0514 0x2a34  HidIr - ok
14:13:39.0517 0x2a34  hidserv - ok
14:13:39.0519 0x2a34  HidUsb - ok
14:13:39.0522 0x2a34  HomeGroupListener - ok
14:13:39.0524 0x2a34  HomeGroupProvider - ok
14:13:39.0529 0x2a34  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
14:13:39.0531 0x2a34  HpSAMD - ok
14:13:39.0534 0x2a34  HTTP - ok
14:13:39.0536 0x2a34  HvHost - ok
14:13:39.0539 0x2a34  hvservice - ok
14:13:39.0542 0x2a34  hwpolicy - ok
14:13:39.0546 0x2a34  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
14:13:39.0547 0x2a34  hyperkbd - ok
14:13:39.0553 0x2a34  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
14:13:39.0556 0x2a34  i8042prt - ok
14:13:39.0560 0x2a34  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\WINDOWS\System32\drivers\iagpio.sys
14:13:39.0562 0x2a34  iagpio - ok
14:13:39.0565 0x2a34  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
14:13:39.0568 0x2a34  iai2c - ok
14:13:39.0572 0x2a34  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
14:13:39.0575 0x2a34  iaLPSS2i_GPIO2 - ok
14:13:39.0580 0x2a34  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
14:13:39.0585 0x2a34  iaLPSS2i_I2C - ok
14:13:39.0588 0x2a34  iaLPSSi_GPIO - ok
14:13:39.0591 0x2a34  iaLPSSi_I2C - ok
14:13:39.0595 0x2a34  [ 30267B4417B91B15E4E2A827531C2650, E710C4E5D9FE27175FC788AF950BD205CCFB45B1B804CCCEECE645C8F1E9A646 ] iaLPSS_GPIO     C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys
14:13:39.0596 0x2a34  iaLPSS_GPIO - ok
14:13:39.0600 0x2a34  [ F48E1A63FC46EC6F891ED13ADD543BAE, 33B38AC5D4EFEC5A45BE222712C51FCEBDDFFFC85850930991D4A8520D91DB6F ] iaLPSS_I2C      C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys
14:13:39.0604 0x2a34  iaLPSS_I2C - ok
14:13:39.0618 0x2a34  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
14:13:39.0630 0x2a34  iaStorAV - ok
14:13:39.0640 0x2a34  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
14:13:39.0647 0x2a34  iaStorV - ok
14:13:39.0660 0x2a34  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
14:13:39.0669 0x2a34  ibbus - ok
14:13:39.0673 0x2a34  icssvc - ok
14:13:39.0799 0x2a34  [ 065D78080A1A5ADDC566C046AEB7BA4B, 08E974E73172BEB7C47BEC1D67B665935BE583397D15C48A21D2F4FBCCD82ED8 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
14:13:39.0945 0x2a34  igfx - ok
14:13:39.0956 0x2a34  IKEEXT - ok
14:13:39.0959 0x2a34  IndirectKmd - ok
14:13:40.0034 0x2a34  [ 957C6E50A70330D3EE83C951A6FB2E2D, 84B4BC7CE84893125BEB55F5AF4B3A94BADF71BF7973BC331557AAD88B53A7F6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
14:13:40.0104 0x2a34  IntcAzAudAddService - ok
14:13:40.0123 0x2a34  [ E300D1E37B737ED14F7A08CD5604E5D9, 5C1135081E29D7F4A97D5CAA2C8FBE1DD04EC7A3D8E648E69F2AA9EBDD88EBBB ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
14:13:40.0132 0x2a34  IntcDAud - ok
14:13:40.0136 0x2a34  [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
14:13:40.0137 0x2a34  intelide - ok
14:13:40.0142 0x2a34  [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
14:13:40.0143 0x2a34  intelpep - ok
14:13:40.0146 0x2a34  intelppm - ok
14:13:40.0148 0x2a34  iorate - ok
14:13:40.0151 0x2a34  IpFilterDriver - ok
14:13:40.0153 0x2a34  iphlpsvc - ok
14:13:40.0159 0x2a34  [ 10D01A3657AC8E8004C83D613163DE1E, F9389F1BF87A2D28899F50D270DA6F48B0912CFAF06CEE566697B041DBE92F9C ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
14:13:40.0171 0x2a34  IPMIDRV - ok
14:13:40.0173 0x2a34  IPNAT - ok
14:13:40.0189 0x2a34  [ E8C5F565D2C01FEE788E7C0F15D3E406, 92CC7ACB77161F35609F90D7052D05F7E94CC98419F55566DF921042FFC8E96B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:13:40.0245 0x2a34  iPod Service - ok
14:13:40.0248 0x2a34  irda - ok
14:13:40.0251 0x2a34  IRENUM - ok
14:13:40.0253 0x2a34  irmon - ok
14:13:40.0256 0x2a34  [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
14:13:40.0258 0x2a34  isapnp - ok
14:13:40.0266 0x2a34  [ CA20F4621AB8CD3F69199DE21B5B41C4, 0AFFC66DD10D4D15139337E5ED343A2ABBB26CC8A83B3BDF6AD10C68B3931A7C ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
14:13:40.0284 0x2a34  iScsiPrt - ok
14:13:40.0290 0x2a34  kbdclass - ok
14:13:40.0292 0x2a34  kbdhid - ok
14:13:40.0299 0x2a34  kdnic - ok
14:13:40.0301 0x2a34  KeyIso - ok
14:13:40.0305 0x2a34  KSecDD - ok
14:13:40.0309 0x2a34  KSecPkg - ok
14:13:40.0313 0x2a34  ksthunk - ok
14:13:40.0317 0x2a34  KtmRm - ok
14:13:40.0320 0x2a34  LanmanServer - ok
14:13:40.0323 0x2a34  LanmanWorkstation - ok
14:13:40.0329 0x2a34  lfsvc - ok
14:13:40.0331 0x2a34  LicenseManager - ok
14:13:40.0334 0x2a34  lltdio - ok
14:13:40.0337 0x2a34  lltdsvc - ok
14:13:40.0340 0x2a34  lmhosts - ok
14:13:40.0346 0x2a34  [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
14:13:40.0349 0x2a34  LSI_SAS - ok
14:13:40.0353 0x2a34  [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
14:13:40.0356 0x2a34  LSI_SAS2i - ok
14:13:40.0363 0x2a34  [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
14:13:40.0366 0x2a34  LSI_SAS3i - ok
14:13:40.0370 0x2a34  [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
14:13:40.0373 0x2a34  LSI_SSS - ok
14:13:40.0376 0x2a34  LSM - ok
14:13:40.0379 0x2a34  luafv - ok
14:13:40.0382 0x2a34  MapsBroker - ok
14:13:40.0455 0x2a34  [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
14:13:40.0527 0x2a34  MBAMService - ok
14:13:40.0543 0x2a34  [ 53283EB9998AC9350E14C35A880989DB, 11DD963C67DB7584742810C54BEC4871584413A1BAA8209F79AC923006DE45BB ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
14:13:40.0547 0x2a34  MBAMSwissArmy - ok
14:13:40.0552 0x2a34  [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
14:13:40.0554 0x2a34  megasas - ok
14:13:40.0558 0x2a34  [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i       C:\WINDOWS\system32\drivers\MegaSas2i.sys
14:13:40.0572 0x2a34  megasas2i - ok
14:13:40.0586 0x2a34  [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
14:13:40.0597 0x2a34  megasr - ok
14:13:40.0601 0x2a34  [ EB1D78140D6634C32A46AB1006105EDC, 586F988A7272A7E3F6AA2CC9A001A08A3D178A011AE8C095BB7EAD9FFB45AAB1 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverx64.sys
14:13:40.0604 0x2a34  MEIx64 - ok
14:13:40.0608 0x2a34  MessagingService - ok
14:13:40.0627 0x2a34  [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
14:13:40.0642 0x2a34  mlx4_bus - ok
14:13:40.0646 0x2a34  MMCSS - ok
14:13:40.0648 0x2a34  Modem - ok
14:13:40.0651 0x2a34  monitor - ok
14:13:40.0654 0x2a34  mouclass - ok
14:13:40.0657 0x2a34  mouhid - ok
14:13:40.0660 0x2a34  mountmgr - ok
14:13:40.0668 0x2a34  [ AA12FAF01013F63348B722D3588550FF, AADE8C93BFE0830AE43AD649F62D7D7E25FC14107B172815EF9F4069C19ADFCC ] MpKsl82d0dacd   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9819616E-4B5B-4B0A-A4C2-22A779A93346}\MpKsl82d0dacd.sys
14:13:40.0669 0x2a34  MpKsl82d0dacd - ok
14:13:40.0673 0x2a34  mpsdrv - ok
14:13:40.0677 0x2a34  MpsSvc - ok
14:13:40.0680 0x2a34  mrvlpcie8897 - ok
14:13:40.0682 0x2a34  MRxDAV - ok
14:13:40.0685 0x2a34  mrxsmb - ok
14:13:40.0688 0x2a34  mrxsmb10 - ok
14:13:40.0691 0x2a34  mrxsmb20 - ok
14:13:40.0695 0x2a34  MsBridge - ok
14:13:40.0698 0x2a34  MSDTC - ok
14:13:40.0702 0x2a34  Msfs - ok
14:13:40.0706 0x2a34  msgpiowin32 - ok
14:13:40.0708 0x2a34  mshidkmdf - ok
14:13:40.0712 0x2a34  mshidumdf - ok
14:13:40.0714 0x2a34  [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
14:13:40.0716 0x2a34  msisadrv - ok
14:13:40.0718 0x2a34  MSiSCSI - ok
14:13:40.0721 0x2a34  msiserver - ok
14:13:40.0724 0x2a34  MSKSSRV - ok
14:13:40.0727 0x2a34  MsLldp - ok
14:13:40.0731 0x2a34  MSPCLOCK - ok
14:13:40.0734 0x2a34  MSPQM - ok
14:13:40.0737 0x2a34  MsRPC - ok
14:13:40.0740 0x2a34  MsSecFlt - ok
14:13:40.0744 0x2a34  mssmbios - ok
14:13:40.0746 0x2a34  MSTEE - ok
14:13:40.0749 0x2a34  MTConfig - ok
14:13:40.0752 0x2a34  Mup - ok
14:13:40.0755 0x2a34  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
14:13:40.0758 0x2a34  mvumis - ok
14:13:40.0766 0x2a34  NativeWifiP - ok
14:13:40.0769 0x2a34  NcaSvc - ok
14:13:40.0771 0x2a34  NcbService - ok
14:13:40.0774 0x2a34  NcdAutoSetup - ok
14:13:40.0779 0x2a34  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
14:13:40.0782 0x2a34  ndfltr - ok
14:13:40.0785 0x2a34  NDIS - ok
14:13:40.0788 0x2a34  NdisCap - ok
14:13:40.0790 0x2a34  NdisImPlatform - ok
14:13:40.0794 0x2a34  NdisTapi - ok
14:13:40.0797 0x2a34  Ndisuio - ok
14:13:40.0800 0x2a34  NdisVirtualBus - ok
14:13:40.0802 0x2a34  NdisWan - ok
14:13:40.0805 0x2a34  ndiswanlegacy - ok
14:13:40.0807 0x2a34  ndproxy - ok
14:13:40.0811 0x2a34  Ndu - ok
14:13:40.0814 0x2a34  NetAdapterCx - ok
14:13:40.0816 0x2a34  NetBIOS - ok
14:13:40.0820 0x2a34  NetBT - ok
14:13:40.0823 0x2a34  Netlogon - ok
14:13:40.0826 0x2a34  Netman - ok
14:13:40.0829 0x2a34  netprofm - ok
14:13:40.0832 0x2a34  NetSetupSvc - ok
14:13:40.0837 0x2a34  NetTcpPortSharing - ok
14:13:40.0841 0x2a34  NgcCtnrSvc - ok
14:13:40.0844 0x2a34  NgcSvc - ok
14:13:40.0847 0x2a34  NlaSvc - ok
14:13:40.0857 0x2a34  [ 67C7D79A152611D25AE37307DC25959A, D9CDFD0B9F1507F2D56A73890450BE7ED3209ED31DB74E22411D603E6C13F1F3 ] nordvpn-service C:\Program Files (x86)\NordVPN\nordvpn-service.exe
14:13:40.0865 0x2a34  nordvpn-service - ok
14:13:40.0869 0x2a34  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] npf             C:\WINDOWS\system32\drivers\npf.sys
14:13:40.0883 0x2a34  npf - ok
14:13:40.0885 0x2a34  Npfs - ok
14:13:40.0888 0x2a34  npsvctrig - ok
14:13:40.0891 0x2a34  nsi - ok
14:13:40.0894 0x2a34  nsiproxy - ok
14:13:40.0898 0x2a34  NTFS - ok
14:13:40.0901 0x2a34  Null - ok
14:13:40.0906 0x2a34  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
14:13:40.0910 0x2a34  nvraid - ok
14:13:40.0917 0x2a34  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
14:13:40.0921 0x2a34  nvstor - ok
14:13:40.0924 0x2a34  OneSyncSvc - ok
14:13:40.0932 0x2a34  p2pimsvc - ok
14:13:40.0935 0x2a34  p2psvc - ok
14:13:40.0940 0x2a34  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
14:13:40.0944 0x2a34  Parport - ok
14:13:40.0950 0x2a34  partmgr - ok
14:13:40.0953 0x2a34  PcaSvc - ok
14:13:40.0962 0x2a34  [ 29AF16726F4DD84376ECA85AB6AFF2C6, BEF9EA10637065365ED343C4EBA51191B9BEADD8F1F3362D3EFE75F40BE9A027 ] pci             C:\WINDOWS\system32\drivers\pci.sys
14:13:40.0982 0x2a34  pci - ok
14:13:40.0986 0x2a34  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
14:13:40.0988 0x2a34  pciide - ok
14:13:40.0994 0x2a34  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
14:13:40.0999 0x2a34  pcmcia - ok
14:13:41.0004 0x2a34  pcw - ok
14:13:41.0007 0x2a34  pdc - ok
14:13:41.0011 0x2a34  PEAUTH - ok
14:13:41.0019 0x2a34  PeerDistSvc - ok
14:13:41.0023 0x2a34  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
14:13:41.0026 0x2a34  percsas2i - ok
14:13:41.0033 0x2a34  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
14:13:41.0037 0x2a34  percsas3i - ok
14:13:41.0056 0x2a34  PerfHost - ok
14:13:41.0067 0x2a34  PhoneSvc - ok
14:13:41.0074 0x2a34  PimIndexMaintenanceSvc - ok
14:13:41.0082 0x2a34  pla - ok
14:13:41.0087 0x2a34  PlugPlay - ok
14:13:41.0093 0x2a34  PNRPAutoReg - ok
14:13:41.0099 0x2a34  PNRPsvc - ok
14:13:41.0104 0x2a34  PolicyAgent - ok
14:13:41.0107 0x2a34  Power - ok
14:13:41.0113 0x2a34  PptpMiniport - ok
14:13:41.0186 0x2a34  [ 12ECCDB0C865A8CB805BABAD5A54EF41, B6E709C692EDDC2308A6944DE1ABA13155FC52905DC572C0008BCC97B3889771 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
14:13:41.0269 0x2a34  PrintNotify - ok
14:13:41.0277 0x2a34  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
14:13:41.0281 0x2a34  Processor - ok
14:13:41.0285 0x2a34  ProfSvc - ok
14:13:41.0288 0x2a34  Psched - ok
14:13:41.0292 0x2a34  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\WINDOWS\system32\DRIVERS\psi_mf_amd64.sys
14:13:41.0293 0x2a34  PSI - ok
14:13:41.0296 0x2a34  QWAVE - ok
14:13:41.0299 0x2a34  QWAVEdrv - ok
14:13:41.0304 0x2a34  RasAcd - ok
14:13:41.0307 0x2a34  RasAgileVpn - ok
14:13:41.0311 0x2a34  RasAuto - ok
14:13:41.0314 0x2a34  Rasl2tp - ok
14:13:41.0317 0x2a34  RasMan - ok
14:13:41.0320 0x2a34  RasPppoe - ok
14:13:41.0323 0x2a34  RasSstp - ok
14:13:41.0326 0x2a34  rdbss - ok
14:13:41.0331 0x2a34  rdpbus - ok
14:13:41.0334 0x2a34  RDPDR - ok
14:13:41.0340 0x2a34  RdpVideoMiniport - ok
14:13:41.0343 0x2a34  rdyboost - ok
14:13:41.0347 0x2a34  ReFSv1 - ok
14:13:41.0351 0x2a34  RemoteAccess - ok
14:13:41.0354 0x2a34  RemoteRegistry - ok
14:13:41.0357 0x2a34  RetailDemo - ok
14:13:41.0360 0x2a34  RFCOMM - ok
14:13:41.0364 0x2a34  RmSvc - ok
14:13:41.0367 0x2a34  RpcEptMapper - ok
14:13:41.0369 0x2a34  RpcLocator - ok
14:13:41.0372 0x2a34  RpcSs - ok
14:13:41.0376 0x2a34  [ AD53BCEE2C4EE1BCE383D75030B0EDF6, C23D2441D8D2E7BBA4227399447C9F30C286861CC7D0BBC911A169C226BFE7BC ] rspLLL          C:\WINDOWS\system32\DRIVERS\rspLLL64.sys
14:13:41.0387 0x2a34  rspLLL - ok
14:13:41.0390 0x2a34  rspndr - ok
14:13:41.0394 0x2a34  [ DBC39B86D0F9FCF38C177C6D407B69DC, 073E2376BACF901E06000EE0C8F430072D88B4E325B4EFCD6EBCE4C8F2DA3930 ] rspWhySoSlow    C:\WINDOWS\system32\DRIVERS\rspWhy64.sys
14:13:41.0409 0x2a34  rspWhySoSlow - ok
14:13:41.0419 0x2a34  [ 927620C26D8250A3CAB29A7C2365049A, B38E2DF5B1B6FEEB7AFFD525889C3E807A854DD999133B30E534CC5DE62B093B ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
14:13:41.0428 0x2a34  RTSUER - ok
14:13:41.0431 0x2a34  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
14:13:41.0433 0x2a34  s3cap - ok
14:13:41.0435 0x2a34  SamSs - ok
14:13:41.0440 0x2a34  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
14:13:41.0444 0x2a34  sbp2port - ok
14:13:41.0447 0x2a34  SCardSvr - ok
14:13:41.0450 0x2a34  ScDeviceEnum - ok
14:13:41.0453 0x2a34  scfilter - ok
14:13:41.0456 0x2a34  Schedule - ok
14:13:41.0461 0x2a34  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
14:13:41.0463 0x2a34  scmbus - ok
14:13:41.0468 0x2a34  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
14:13:41.0472 0x2a34  scmdisk0101 - ok
14:13:41.0475 0x2a34  SCPolicySvc - ok
14:13:41.0483 0x2a34  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
14:13:41.0502 0x2a34  sdbus - ok
14:13:41.0506 0x2a34  SDRSVC - ok
14:13:41.0510 0x2a34  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
14:13:41.0515 0x2a34  sdstor - ok
14:13:41.0519 0x2a34  seclogon - ok
14:13:41.0552 0x2a34  [ BE43B6172AC5961017762AB3C9B9B4C6, 209356410729F5DB8E9CB64B7F32638CE4C1559B5FA10B66C69C0650A0ADD36E ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
14:13:41.0579 0x2a34  Secunia PSI Agent - ok
14:13:41.0602 0x2a34  [ C85EE9529401BF0467DACEB3D4BD1EAF, 4CB441A39C4FF3417B9046BEB237B3043A105A0112F5A04444F431C7F77C3D4B ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
14:13:41.0617 0x2a34  Secunia Update Agent - ok
14:13:41.0620 0x2a34  SENS - ok
14:13:41.0622 0x2a34  Sense - ok
14:13:41.0626 0x2a34  SensorDataService - ok
14:13:41.0632 0x2a34  SensorService - ok
14:13:41.0636 0x2a34  SensorsHIDClassDriver - ok
14:13:41.0639 0x2a34  SensrSvc - ok
14:13:41.0642 0x2a34  SerCx - ok
14:13:41.0648 0x2a34  SerCx2 - ok
14:13:41.0653 0x2a34  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
14:13:41.0655 0x2a34  Serenum - ok
14:13:41.0660 0x2a34  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
14:13:41.0664 0x2a34  Serial - ok
14:13:41.0669 0x2a34  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
14:13:41.0670 0x2a34  sermouse - ok
14:13:41.0673 0x2a34  SessionEnv - ok
14:13:41.0677 0x2a34  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
14:13:41.0680 0x2a34  sfloppy - ok
14:13:41.0685 0x2a34  SharedAccess - ok
14:13:41.0688 0x2a34  ShellHWDetection - ok
14:13:41.0693 0x2a34  shpamsvc - ok
14:13:41.0699 0x2a34  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
14:13:41.0700 0x2a34  SiSRaid2 - ok
14:13:41.0705 0x2a34  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
14:13:41.0707 0x2a34  SiSRaid4 - ok
14:13:41.0712 0x2a34  smphost - ok
14:13:41.0715 0x2a34  SmsRouter - ok
14:13:41.0720 0x2a34  SNMPTRAP - ok
14:13:41.0734 0x2a34  [ 8BDB9E47D84144110F05AB757E630374, 8A49004895B8AD17C877AA8E7B6A0F14936BDDCBB88F0E5FB880DD0D816AEAB4 ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
14:13:41.0758 0x2a34  spaceport - ok
14:13:41.0762 0x2a34  SpbCx - ok
14:13:41.0766 0x2a34  Spooler - ok
14:13:41.0769 0x2a34  sppsvc - ok
14:13:41.0772 0x2a34  srv - ok
14:13:41.0775 0x2a34  srv2 - ok
14:13:41.0778 0x2a34  srvnet - ok
14:13:41.0781 0x2a34  SSDPSRV - ok
14:13:41.0784 0x2a34  SstpSvc - ok
14:13:41.0787 0x2a34  StateRepository - ok
14:13:41.0790 0x2a34  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
14:13:41.0793 0x2a34  stexstor - ok
14:13:41.0797 0x2a34  stisvc - ok
14:13:41.0800 0x2a34  storahci - ok
14:13:41.0803 0x2a34  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
14:13:41.0806 0x2a34  storflt - ok
14:13:41.0811 0x2a34  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
14:13:41.0823 0x2a34  stornvme - ok
14:13:41.0826 0x2a34  storqosflt - ok
14:13:41.0829 0x2a34  StorSvc - ok
14:13:41.0833 0x2a34  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
14:13:41.0834 0x2a34  storufs - ok
14:13:41.0838 0x2a34  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
14:13:41.0840 0x2a34  storvsc - ok
14:13:41.0844 0x2a34  [ BD84088AF747BA0BD54841ECAC3C2BA4, DFA942704DFCE1312946393E4E4BC0D7CB3076ACE51D2EF12F03E799C340F656 ] SurfaceAccessoryDevice C:\WINDOWS\System32\drivers\SurfaceAccessoryDevice.sys
14:13:41.0858 0x2a34  SurfaceAccessoryDevice - ok
14:13:41.0862 0x2a34  [ 34758270194725B53E777D5DFF7E661C, A685C4CCC1FEB491119A45F7156005C1C3AF1CA6BD7B152652D42551418A6B07 ] SurfaceCapacitiveHomeButton C:\WINDOWS\System32\drivers\SurfaceCapacitiveHomeButton.sys
14:13:41.0864 0x2a34  SurfaceCapacitiveHomeButton - ok
14:13:41.0869 0x2a34  [ 746D65C7F85EA7DAC1B220A24F3E1C6E, B1D28A870ADCA809EA4D32E95E33704B395FFB0359542374C143A02585ADF318 ] SurfaceDisplayCalibration C:\WINDOWS\System32\drivers\SurfaceDisplayCalibration.sys
14:13:41.0871 0x2a34  SurfaceDisplayCalibration - ok
14:13:41.0876 0x2a34  [ 7037821A833BFDD751CDEA1B6F1FC7FB, 078909F700A364E8C0968711F044707138787D14A616D720D9DDB5ED3B529724 ] SurfaceIntegrationDriver C:\WINDOWS\System32\drivers\SurfaceIntegrationDriver.sys
14:13:41.0879 0x2a34  SurfaceIntegrationDriver - ok
14:13:41.0882 0x2a34  [ F5AC15117E2ADC931509E54BBD84D673, EE984AB42C5BF2C34B6E144BEC01F18ED58BF9BE16589B4131E519D5B7EFE98E ] SurfacePciController C:\WINDOWS\system32\drivers\SurfacePciController.sys
14:13:41.0884 0x2a34  SurfacePciController - ok
14:13:41.0889 0x2a34  [ 1A09F6250B1D658448DB87EB62B3606A, 292BBADB3EE89B632EB36B80276C715B1D1D48CC98666624B7F061A024A1F560 ] SurfacePenDriver C:\WINDOWS\System32\drivers\SurfacePenDriver.sys
14:13:41.0907 0x2a34  SurfacePenDriver - ok
14:13:41.0911 0x2a34  [ DB7FC7CF3C083BB0C351BFD92A9420D1, C134DC59F00DE94A8F57980253D0A92807DF2710F1A0C0C9CFF84D708AC135FF ] SurfacePro4TypeCoverIntegration C:\WINDOWS\System32\drivers\SurfacePro4TypeCoverIntegration.sys
14:13:41.0914 0x2a34  SurfacePro4TypeCoverIntegration - ok
14:13:41.0918 0x2a34  [ 9E884732277678887E706AF84A333572, 7D0DA7E86759D72A746139A1DA786F6F6A7305803760EFA5D5F69FD5A743F0AD ] SurfaceTypeCover C:\WINDOWS\System32\drivers\SurfaceTypeCover.sys
14:13:41.0919 0x2a34  SurfaceTypeCover - ok
14:13:41.0923 0x2a34  svsvc - ok
14:13:41.0926 0x2a34  swenum - ok
14:13:41.0930 0x2a34  swprv - ok
14:13:41.0935 0x2a34  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
14:13:41.0938 0x2a34  Synth3dVsc - ok
14:13:41.0941 0x2a34  SysMain - ok
14:13:41.0944 0x2a34  SystemEventsBroker - ok
14:13:41.0947 0x2a34  TabletInputService - ok
14:13:41.0950 0x2a34  [ D765F43CBEA72D14C04AF3D2B9C8E54B, 89C5CA1440DF186497CE158EB71C0C6BF570A75B6BC1880EAC7C87A0250201C0 ] tap0901         C:\WINDOWS\System32\drivers\tap0901.sys
14:13:41.0968 0x2a34  tap0901 - ok
14:13:41.0971 0x2a34  TapiSrv - ok
14:13:41.0974 0x2a34  Tcpip - ok
14:13:41.0979 0x2a34  Tcpip6 - ok
14:13:41.0987 0x2a34  tcpipreg - ok
14:13:41.0991 0x2a34  tdx - ok
14:13:41.0998 0x2a34  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
14:13:42.0000 0x2a34  terminpt - ok
14:13:42.0003 0x2a34  TermService - ok
14:13:42.0008 0x2a34  Themes - ok
14:13:42.0013 0x2a34  TieringEngineService - ok
14:13:42.0017 0x2a34  tiledatamodelsvc - ok
14:13:42.0020 0x2a34  TimeBrokerSvc - ok
14:13:42.0030 0x2a34  [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
14:13:42.0051 0x2a34  TPM - ok
14:13:42.0054 0x2a34  TrkWks - ok
14:13:42.0059 0x2a34  [ 285ADEE074CCC795C1482E2E4BE5B5F3, C5E72613FAC9B223D6B433BEB7F703F9C654D5F7AB4EFDE5F1CDD71AD151C5C4 ] TrueColor       C:\WINDOWS\system32\DRIVERS\TrueColor.sys
14:13:42.0061 0x2a34  TrueColor - ok
14:13:42.0065 0x2a34  [ 0D5A09B08568760AE85A801FCBC0F83D, 347ACBA74FDCBEAC671521739F8A34EC0E378CAF716C31F55616F9F843E4D0D3 ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
14:13:42.0080 0x2a34  TrueSight - ok
14:13:42.0083 0x2a34  TrustedInstaller - ok
14:13:42.0087 0x2a34  tsusbflt - ok
14:13:42.0091 0x2a34  [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
14:13:42.0092 0x2a34  TsUsbGD - ok
14:13:42.0098 0x2a34  [ 5A91FDBA4D3FCB56DAEB8C091B3EB8E1, 8AB91F4423125267FA8509A1C3A9AD1CBD642FA6A96D8789F9AB8CB75ABAD58C ] tsusbhub        C:\WINDOWS\system32\drivers\tsusbhub.sys
14:13:42.0102 0x2a34  tsusbhub - ok
14:13:42.0104 0x2a34  tunnel - ok
14:13:42.0111 0x2a34  tzautoupdate - ok
14:13:42.0115 0x2a34  [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
14:13:42.0118 0x2a34  UASPStor - ok
14:13:42.0121 0x2a34  UcmCx0101 - ok
14:13:42.0124 0x2a34  UcmTcpciCx0101 - ok
14:13:42.0128 0x2a34  [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
14:13:42.0130 0x2a34  UcmUcsi - ok
14:13:42.0133 0x2a34  Ucx01000 - ok
14:13:42.0136 0x2a34  UdeCx - ok
14:13:42.0139 0x2a34  udfs - ok
14:13:42.0142 0x2a34  UEFI - ok
14:13:42.0145 0x2a34  UevAgentDriver - ok
14:13:42.0149 0x2a34  UevAgentService - ok
14:13:42.0151 0x2a34  Ufx01000 - ok
14:13:42.0156 0x2a34  [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
14:13:42.0159 0x2a34  UfxChipidea - ok
14:13:42.0165 0x2a34  [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
14:13:42.0169 0x2a34  ufxsynopsys - ok
14:13:42.0177 0x2a34  UI0Detect - ok
14:13:42.0180 0x2a34  umbus - ok
14:13:42.0183 0x2a34  [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
14:13:42.0184 0x2a34  UmPass - ok
14:13:42.0188 0x2a34  UmRdpService - ok
14:13:42.0191 0x2a34  UnistoreSvc - ok
14:13:42.0196 0x2a34  upnphost - ok
14:13:42.0199 0x2a34  [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
14:13:42.0201 0x2a34  UrsChipidea - ok
14:13:42.0205 0x2a34  UrsCx01000 - ok
14:13:42.0208 0x2a34  [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
14:13:42.0210 0x2a34  UrsSynopsys - ok
14:13:42.0214 0x2a34  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
14:13:42.0217 0x2a34  USBAAPL64 - ok
14:13:42.0220 0x2a34  usbccgp - ok
14:13:42.0225 0x2a34  [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
14:13:42.0228 0x2a34  usbcir - ok
14:13:42.0232 0x2a34  [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
14:13:42.0235 0x2a34  usbehci - ok
14:13:42.0247 0x2a34  [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
14:13:42.0256 0x2a34  usbhub - ok
14:13:42.0260 0x2a34  USBHUB3 - ok
14:13:42.0264 0x2a34  [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
14:13:42.0266 0x2a34  usbohci - ok
14:13:42.0270 0x2a34  [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
14:13:42.0272 0x2a34  usbprint - ok
14:13:42.0277 0x2a34  [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
14:13:42.0280 0x2a34  usbser - ok
14:13:42.0285 0x2a34  [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
14:13:42.0289 0x2a34  USBSTOR - ok
14:13:42.0292 0x2a34  [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
14:13:42.0294 0x2a34  usbuhci - ok
14:13:42.0297 0x2a34  usbvideo - ok
14:13:42.0300 0x2a34  USBXHCI - ok
14:13:42.0303 0x2a34  UserDataSvc - ok
14:13:42.0308 0x2a34  UserManager - ok
14:13:42.0312 0x2a34  UsoSvc - ok
14:13:42.0315 0x2a34  VaultSvc - ok
14:13:42.0319 0x2a34  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
14:13:42.0321 0x2a34  vdrvroot - ok
14:13:42.0324 0x2a34  vds - ok
14:13:42.0328 0x2a34  VerifierExt - ok
14:13:42.0344 0x2a34  [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
14:13:42.0368 0x2a34  vhdmp - ok
14:13:42.0371 0x2a34  vhf - ok
14:13:42.0376 0x2a34  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
14:13:42.0380 0x2a34  vmbus - ok
14:13:42.0384 0x2a34  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
14:13:42.0385 0x2a34  VMBusHID - ok
14:13:42.0388 0x2a34  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\WINDOWS\System32\drivers\vmgid.sys
14:13:42.0390 0x2a34  vmgid - ok
14:13:42.0394 0x2a34  vmicguestinterface - ok
14:13:42.0397 0x2a34  vmicheartbeat - ok
14:13:42.0399 0x2a34  vmickvpexchange - ok
14:13:42.0404 0x2a34  vmicrdv - ok
14:13:42.0407 0x2a34  vmicshutdown - ok
14:13:42.0410 0x2a34  vmictimesync - ok
14:13:42.0414 0x2a34  vmicvmsession - ok
14:13:42.0417 0x2a34  vmicvss - ok
14:13:42.0422 0x2a34  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
14:13:42.0425 0x2a34  volmgr - ok
14:13:42.0429 0x2a34  volmgrx - ok
14:13:42.0432 0x2a34  volsnap - ok
14:13:42.0435 0x2a34  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\WINDOWS\system32\drivers\volume.sys
14:13:42.0436 0x2a34  volume - ok
14:13:42.0440 0x2a34  [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
14:13:42.0453 0x2a34  vpci - ok
14:13:42.0458 0x2a34  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
14:13:42.0462 0x2a34  vsmraid - ok
14:13:42.0466 0x2a34  VSS - ok
14:13:42.0474 0x2a34  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
14:13:42.0481 0x2a34  VSTXRAID - ok
14:13:42.0484 0x2a34  vwifibus - ok
14:13:42.0487 0x2a34  vwififlt - ok
14:13:42.0490 0x2a34  vwifimp - ok
14:13:42.0493 0x2a34  W32Time - ok
14:13:42.0497 0x2a34  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
14:13:42.0498 0x2a34  WacomPen - ok
14:13:42.0504 0x2a34  WalletService - ok
14:13:42.0506 0x2a34  wanarp - ok
14:13:42.0509 0x2a34  wanarpv6 - ok
14:13:42.0514 0x2a34  wbengine - ok
14:13:42.0517 0x2a34  WbioSrvc - ok
14:13:42.0520 0x2a34  wcifs - ok
14:13:42.0523 0x2a34  Wcmsvc - ok
14:13:42.0526 0x2a34  wcncsvc - ok
14:13:42.0529 0x2a34  wcnfs - ok
14:13:42.0545 0x2a34  WD Backup Drive Helper - ok
14:13:42.0548 0x2a34  WD Backup Snapshot - ok
14:13:42.0551 0x2a34  WdBoot - ok
14:13:42.0555 0x2a34  [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM         C:\WINDOWS\System32\drivers\wdcsam64.sys
14:13:42.0557 0x2a34  WDC_SAM - ok
14:13:42.0567 0x2a34  [ E84CF717E854D02DF30BD1BCC612BEAC, 31E3D9F5D369C62D32C7A79FA9198BA772223764C2E07E4FA2FE3826F81BE112 ] WDDriveService  C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
14:13:42.0573 0x2a34  WDDriveService - ok
14:13:42.0576 0x2a34  Wdf01000 - ok
14:13:42.0580 0x2a34  WdFilter - ok
14:13:42.0584 0x2a34  WdiServiceHost - ok
14:13:42.0586 0x2a34  WdiSystemHost - ok
14:13:42.0590 0x2a34  wdiwifi - ok
14:13:42.0593 0x2a34  WdNisDrv - ok
14:13:42.0596 0x2a34  WdNisSvc - ok
14:13:42.0600 0x2a34  WebClient - ok
14:13:42.0603 0x2a34  Wecsvc - ok
14:13:42.0606 0x2a34  WEPHOSTSVC - ok
14:13:42.0609 0x2a34  wercplsupport - ok
14:13:42.0613 0x2a34  WerSvc - ok
14:13:42.0615 0x2a34  WFPLWFS - ok
14:13:42.0619 0x2a34  WiaRpc - ok
14:13:42.0622 0x2a34  WIMMount - ok
14:13:42.0626 0x2a34  WinDefend - ok
14:13:42.0633 0x2a34  WindowsTrustedRT - ok
14:13:42.0636 0x2a34  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
14:13:42.0638 0x2a34  WindowsTrustedRTProxy - ok
14:13:42.0641 0x2a34  WinHttpAutoProxySvc - ok
14:13:42.0645 0x2a34  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
14:13:42.0648 0x2a34  WinMad - ok
14:13:42.0653 0x2a34  Winmgmt - ok
14:13:42.0657 0x2a34  WinRM - ok
14:13:42.0665 0x2a34  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
14:13:42.0668 0x2a34  WINUSB - ok
14:13:42.0672 0x2a34  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
14:13:42.0676 0x2a34  WinVerbs - ok
14:13:42.0680 0x2a34  wisvc - ok
14:13:42.0683 0x2a34  WlanSvc - ok
14:13:42.0686 0x2a34  wlidsvc - ok
14:13:42.0689 0x2a34  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
14:13:42.0691 0x2a34  WmiAcpi - ok
14:13:42.0697 0x2a34  wmiApSrv - ok
14:13:42.0700 0x2a34  WMPNetworkSvc - ok
14:13:42.0704 0x2a34  Wof - ok
14:13:42.0708 0x2a34  workfolderssvc - ok
14:13:42.0712 0x2a34  WPDBusEnum - ok
14:13:42.0716 0x2a34  WpdUpFltr - ok
14:13:42.0719 0x2a34  WpnService - ok
14:13:42.0722 0x2a34  WpnUserService - ok
14:13:42.0729 0x2a34  ws2ifsl - ok
14:13:42.0734 0x2a34  wscsvc - ok
14:13:42.0739 0x2a34  [ 696EC2EAA2A42A137CCBB9A84D6917C0, 424089F4F373962AF8357C5D4D43F35948989BE3F58EAD3690F565F4C1BBC66F ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
14:13:42.0740 0x2a34  WSDPrintDevice - ok
14:13:42.0745 0x2a34  [ 46E4A69825A7554A5DB784A55F8AD203, 7F347054FCDD5DEF93083D420E56EBE5EEBBAE2BD2FED9B2E75E85149DE52780 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
14:13:42.0746 0x2a34  WSDScan - ok
14:13:42.0749 0x2a34  WSearch - ok
14:13:42.0754 0x2a34  wuauserv - ok
14:13:42.0757 0x2a34  WudfPf - ok
14:13:42.0760 0x2a34  WUDFRd - ok
14:13:42.0764 0x2a34  wudfsvc - ok
14:13:42.0768 0x2a34  WUDFWpdFs - ok
14:13:42.0771 0x2a34  WUDFWpdMtp - ok
14:13:42.0774 0x2a34  WwanSvc - ok
14:13:42.0778 0x2a34  XblAuthManager - ok
14:13:42.0782 0x2a34  XblGameSave - ok
14:13:42.0790 0x2a34  [ DB77764B46D02DCB9777D9E00A3F7D63, 469491E3A57FBB0CB0482A2493823B57410E24A5BD4C1C96D79FE9888F7827BB ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
14:13:42.0810 0x2a34  xboxgip - ok
14:13:42.0814 0x2a34  XboxNetApiSvc - ok
14:13:42.0818 0x2a34  [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
14:13:42.0829 0x2a34  xinputhid - ok
14:13:42.0836 0x2a34  [ 21E13F2CB269DEFEAE5E1D09887D47BB, 543991CA8D1C65113DFF039B85AE3F9A87F503DAEC30F46929FD454BC57E5A91 ] ZAM             C:\WINDOWS\System32\drivers\zam64.sys
14:13:42.0858 0x2a34  ZAM - ok
14:13:42.0865 0x2a34  [ 21E13F2CB269DEFEAE5E1D09887D47BB, 543991CA8D1C65113DFF039B85AE3F9A87F503DAEC30F46929FD454BC57E5A91 ] ZAM_Guard       C:\WINDOWS\System32\drivers\zamguard64.sys
14:13:42.0886 0x2a34  ZAM_Guard - ok
14:13:42.0895 0x2a34  ================ Scan global ===============================
14:13:42.0903 0x2a34  [ Global ] - ok
14:13:42.0903 0x2a34  ================ Scan MBR ==================================
14:13:42.0905 0x2a34  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
14:13:42.0912 0x2a34  \Device\Harddisk0\DR0 - ok
14:13:42.0915 0x2a34  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:13:42.0918 0x2a34  \Device\Harddisk1\DR1 - ok
14:13:42.0920 0x2a34  ================ Scan VBR ==================================
14:13:42.0921 0x2a34  [ F377AFB53866EAD139BD8E4F050549D6 ] \Device\Harddisk0\DR0\Partition1
14:13:42.0921 0x2a34  \Device\Harddisk0\DR0\Partition1 - ok
14:13:42.0923 0x2a34  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
14:13:42.0923 0x2a34  \Device\Harddisk0\DR0\Partition2 - ok
14:13:42.0925 0x2a34  [ DFD2CC3068EE6AAE076FF77F26CE66ED ] \Device\Harddisk0\DR0\Partition3
14:13:42.0927 0x2a34  \Device\Harddisk0\DR0\Partition3 - ok
14:13:42.0929 0x2a34  [ CE704E2E8EBAB994A57016832B428A79 ] \Device\Harddisk0\DR0\Partition4
14:13:42.0930 0x2a34  \Device\Harddisk0\DR0\Partition4 - ok
14:13:42.0932 0x2a34  [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk1\DR1\Partition1
14:13:42.0934 0x2a34  \Device\Harddisk1\DR1\Partition1 - ok
14:13:42.0934 0x2a34  ================ Scan generic autorun ======================
14:13:42.0934 0x2a34  WindowsDefender - ok
14:13:42.0984 0x2a34  [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
14:13:43.0026 0x2a34  Malwarebytes TrayApp - ok
14:13:43.0035 0x2a34  [ 1D03B29A466B542966EF23F9A9C242B1, 4D528C0197F01001295F57B36E92C40EE1804196AC6E8A3D7FF031D293038159 ] C:\Program Files\iTunes\iTunesHelper.exe
14:13:43.0076 0x2a34  iTunesHelper - ok
14:13:43.0079 0x2a34  OneDriveSetup - ok
14:13:43.0080 0x2a34  OneDriveSetup - ok
14:13:43.0233 0x2a34  [ 8D3D5BA1638778DE87503E5FEA68DC9F, D54C2B375A6F8A49BC53CAA3ED8A0EEBF53FD113BB47622F4AE6DA762D194FE7 ] C:\Program Files\CCleaner\CCleaner64.exe
14:13:43.0463 0x2a34  CCleaner Monitoring - ok
14:13:43.0470 0x2a34  Waiting for KSN requests completion. In queue: 153
14:13:44.0504 0x2a34  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.1066 ), 0x61100 ( enabled : updated )
14:13:44.0511 0x2a34  Win FW state via NFP2: enabled ( trusted )
14:13:45.0421 0x2a34  ============================================================
14:13:45.0421 0x2a34  Scan finished
14:13:45.0421 0x2a34  ============================================================
14:13:45.0444 0x134c  Detected object count: 0
14:13:45.0444 0x134c  Actual detected object count: 0

 


#12 cmtc

cmtc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 17 April 2017 - 02:04 PM

Below are the aswMBR logs.  When clicking yes to virtualization my computer crashed and this appeared:

IMG_4097.JPG

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2017-04-17 14:31:06
-----------------------------
14:31:06.941    OS Version: Windows x64 6.2.9200 
14:31:06.941    Number of processors: 4 586 0x4501
14:31:06.942    ComputerName: CMTC  UserName: 
14:31:07.230    Initialize success
14:31:07.297    VM: initialized successfully
14:31:07.298    VM: Intel CPU supported 
14:31:16.716    VM: not used
14:33:07.183    AVAST engine defs: 17030301
14:49:04.217    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
14:49:04.219    Disk 0 Vendor: SAMSUNG_MZMTE128HMGR-000MV EXT42M0Q Size: 122104MB BusType: 11
14:49:04.229    Disk 0 MBR read successfully
14:49:04.232    Disk 0 MBR scan
14:49:04.238    Disk 0 unknown MBR code
14:49:04.241    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:49:04.269    Disk 0 scanning C:\WINDOWS\system32\drivers
14:49:08.889    Service scanning
14:49:12.800    Service MpKsl255420ed C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56BE7F80-FADF-4662-9025-B7DFED570418}\MpKsl255420ed.sys **LOCKED** 32
14:49:18.403    Modules scanning
14:49:18.425    Disk 0 trace - called modules:
14:49:18.447    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 
14:49:18.460    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffd70974f43060]
14:49:18.467    3 CLASSPNP.SYS[fffff80e7dff5efb] -> nt!IofCallDriver -> [0xffffd709743e6910]
14:49:18.475    5 ACPI.sys[fffff80e7d254571] -> nt!IofCallDriver -> [0xffffd709743e6e40]
14:49:18.482    7 ACPI.sys[fffff80e7d254571] -> nt!IofCallDriver -> \Device\00000032[0xffffd709743e7060]
14:49:18.745    AVAST engine scan C:\WINDOWS
14:49:19.117    AVAST engine scan C:\WINDOWS\system32
14:49:46.809    AVAST engine scan C:\WINDOWS\system32\drivers
14:49:51.904    AVAST engine scan C:\Users\Celeste
14:52:09.660    AVAST engine scan C:\ProgramData
14:52:50.728    Disk 0 statistics 1208838/0/0 @ 13.34 MB/s
14:52:50.734    Scan finished successfully
14:54:28.642    Disk 0 MBR has been saved successfully to "C:\Users\Celeste\Desktop\MBR.dat"
14:54:28.649    The log file has been saved successfully to "C:\Users\Celeste\Desktop\aswMBR.txt"
 

Attached Files



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 18 April 2017 - 07:02 AM

Who Crashed.

http://www.resplendence.com/whocrashed


Please download the free home edition of WhoCrashed to your Desktop from here whocra10.png and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.

Please scroll down the Information window to copy and paste the results in your next reply.

#14 cmtc

cmtc
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:14 PM

Posted 18 April 2017 - 08:58 AM

Below are results.

System Information (local)

Computer name: CMTC
Windows version: Windows 10 , 10.0, build: 14393
Windows dir: C:\WINDOWS
Hardware: Surface Pro 3, Microsoft Corporation
CPU: GenuineIntel Intel® Core™ i7-4650U CPU @ 1.70GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 8490409984 bytes total


 

Crash Dump Analysis

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer
 

Conclusion

Crash dumps are enabled but no valid crash dumps have been found. In case you are experiencing system crashes, it may be that crash dumps are prevented from being written out. Check out the following article for possible causes: If crash dumps are not written out.



Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further. 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:14 PM

Posted 19 April 2017 - 08:42 AM


The BSOD was not caused by a Driver.

I suggest you run the Microsoft Surface Diagnostic Toolkit
https://technet.microsoft.com/en-us/itpro/surface/surface-diagnostic-toolkit

If a problem is found and the Computer is still under warranty I would return it.

I will leave this topic open until you advise other wise.
===

p.s.
If the only problem was to run the virtualization option I would let it go.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users